Control System Studio Training - Authentication, Authorization - PowerPoint PPT Presentation

Presentation Transcript

  1. Control System Studio Training - Authentication, Authorization
     Kay Kasemir, ORNL/SNS, kasemirk@ornl.gov
     April 2013

  2. Example: Alarm System
     Only authorized users can change the configuration

  3. Auth & Auth
     • Authentication: Confirm a user's identity
       • Check password
     • Authorization: Is user permitted to do something?
       • Requires authenticated user
       • Some database: User “Fred” may configure alarm

  4. Can’t we just ignore this?
     No. If you don’t configure auth & auth, nobody can do anything.
     What follows is the simple “anybody can do anything” setup.

  5. Auth & Auth in CSS
     Plugin: org.csstudio.security
     • preferences.ini: Available options
     • jaas.conf: Example (default) authentication
     • authorization.conf: Example (default) file-based authorization
     See also the Auth & Auth chapter in http://cs-studio.sourceforge.net/docbook/css_book.pdf

  6. Authentication Defaults
     Preference:
       org.csstudio.security/jaas_config_file=platform:/plugin/org.csstudio.security/jaas.conf
       org.csstudio.security/jaas_config_name=dummy
     See content of jaas.conf
     • On CSS startup: ‘current user’
     • File/Login allows any name (except ‘fail’), ignoring password

  7. Authorization Defaults
     Preference:
       org.csstudio.security/authorization_provider=FileBased
       org.csstudio.security/authorization_file_name=platform:/plugin/org.csstudio.security/authorization.conf
     See content of authorization.conf:
       # Anybody can acknowledge alarms
       alarm_acknowledge=.*
       # Specific users may configure alarms
       alarm_config = fred , jane

  8. For Operational Setups
     Authentication
     • File-based (plain text name, password)
     • LDAP, Kerberos, ..
     • See jaas.conf example, Google JAAS
     Authorization
     • File-based (authorization=list of name patterns)
     • LDAP group based
     • Call external script
     • Implement your own OSGi AuthorizationProvider
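
An added example (not from the presentation or the CSS project): a small Python audit that reads the preference and authorization.conf settings shown on slides 6 and 7 and reports where a setup is still in the "anybody can do anything" state. It assumes each name pattern is a regular expression that must match the whole user name; the sample inputs and all function names are constructed for illustration.

```python
import re

# Constructed sample inputs mirroring the defaults shown on slides 6 and 7.
SAMPLE_PREFS = """\
org.csstudio.security/jaas_config_file=platform:/plugin/org.csstudio.security/jaas.conf
org.csstudio.security/jaas_config_name=dummy
org.csstudio.security/authorization_provider=FileBased
"""
SAMPLE_AUTHZ = """\
# Anybody can acknowledge alarms
alarm_acknowledge=.*
# Specific users may configure alarms
alarm_config = fred , jane
"""

def parse_kv(text):
    """Parse 'key = value' lines, skipping blanks and '#' comments."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        entries[key.strip()] = value.strip()
    return entries

def parse_authorizations(text):
    """Map each authorization to its list of user-name patterns."""
    return {k: [p.strip() for p in v.split(",") if p.strip()]
            for k, v in parse_kv(text).items()}

def is_authorized(rules, user, authorization):
    """Assumption: a pattern is a regex that must match the whole name."""
    return any(re.fullmatch(p, user) for p in rules.get(authorization, []))

def audit(prefs_text, authz_text, probe="no-such-user-probe"):
    """Return findings that mark the setup as 'anybody can do anything'."""
    findings = []
    prefs = parse_kv(prefs_text)
    if prefs.get("org.csstudio.security/jaas_config_name") == "dummy":
        findings.append("authentication: jaas_config_name=dummy ignores passwords")
    rules = parse_authorizations(authz_text)
    for name in sorted(rules):
        # A name nobody was assigned should never pass; if it does, the
        # pattern list is effectively a wildcard.
        if is_authorized(rules, probe, name):
            findings.append(f"authorization: {name} is open to any user name")
    return findings
```

Probing with a name that was never assigned catches wildcard-equivalent patterns other than a literal `.*`, which a plain string comparison would miss.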