1 / 7

Comprehensive Progress Report on Gridification Architecture and Authentication Control Flow

This detailed report outlines the gridification progress of Martijn Steenbakkers for the grid fabric project at CERN, focusing on architecture, authentication control flow, gatekeeper, LCAS, TLS authentication, and more. It includes the development status, bug fixes, new patches, and future plans for further enhancements. For more information, visit the provided documentation link.

kirra
Télécharger la présentation

Comprehensive Progress Report on Gridification Architecture and Authentication Control Flow

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Gridification progress report For gridification: Martijn Steenbakkers hep-proj-grid-fabric-gridify@cern.ch

  2. Gridification Architecture

  3. Authentication control flow EDG gatekeeper NOW (EDG1.2), EDG 1.3 EDG1.4, EDG2.x Gatekeeper Gatekeeper LCAS config TLS auth TLS auth ACL Id timeslot Yes/no LCAS (so) LCAS client gridmap LCMAPS clnt LCMAPS Id assist_gridmap config apply creds * credlist Jobmanager-* Jobmanager-* role2uid role2afs * And store in job repository

  4. LCAS 1.0 (EDG release 1.2) • First prototype: shared object (lcas.mod) • Dynamic library calls from edg-gatekeeper • 3 static authorization modules: • Allowed users (grid-mapfile or allowed_users.db) • Banned users (ban_users.db) • Available timeslots (timeslots.db) • LCFG object obj-lcas installs authorization databases • No plug-ins supported yet • Documentation: http://www.dutchgrid.nl/DataGrid/wp4/lcas/

  5. Integration tests • Linked dynamically instead of statically • Development testbed: occasional crashes (hard to reproduce) • Bugzilla bugs: 431, 471 • Memory corruption and memory leaks in Globus code (found a.o. with insure++) • New patch available: edg-gatekeeper-2.0.3-21d • ATF discussion last week: Rewrite gatekeeper ?

  6. LCAS 1.1 (EDG release 1.3) • Shared object with the 3 authorization modules • Plug-in framework added (based on dynamic library calls) • List of plug-ins to be loaded in lcas.db • Example plug-in: lcas_plugin_example.c • Plug-in has to provide the following interfaces: • int plugin_initialize(int argc, char ** argv) • int plugin_confirm_authorization( lcas_request_t request, lcas_cred_id_t user_cred) • int plugin_terminate() • Documentation soon available • Please develop plug-ins (ACL, accounting, quota checks)

  7. Future • LCMAPS local credentials • Library implementation of credential generation plug-in framework • Replace gridmap(dir), but keep functionality • Logical place to add role support • EDG release 1.4 (?) • AFS/Kerberos support: EDG release 2.x • LCAS 2.0: • first prototype AAA server with simple policy language • EDG release 2.0 (?) • Additional modifications to gatekeeper required • error&status handling: Getting a useful message to the user • Rewrite partially ? • Other components (job repository, FLIDS, FABNAT) > EDG 2.x

More Related