Line: 1 to 1 | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||||||||
Changed: | |||||||||||||||||||||
< < | CEMon Service Reference Card | ||||||||||||||||||||
> > | CEMon Service Reference Card for EMI-1 | ||||||||||||||||||||
Daemons running
Init scripts and options (start|stop|restart|...)
Configuration files location with example or template
Logfile locations (and management) and other useful audit informationThe relevant log files are:
log4j.logger.org.glite=info, fileout
log4j.logger.org.glite=debug, fileout
Open ports
Possible unit test of the serviceTBDWhere is service state held (and can it be rebuilt)CEMon job related information are kept in the filesystem in the directory/var/cemonitor
Cron jobsNoneSecurity informationAccess control Mechanism description (authentication & authorization)AuthenticationAuthentication in CEMon is managed via the trustmanager. The Trust Manager is the component responsible for carrying out authentication operations. It is an implementation of the J2EE security specifications. Authentication is based on PKI. Each user (and Grid service) wishing to access CEMon is required to present an X.509 format certificate. These certificates are issued by trusted entities, the Certificate Authorities (CA). The role of a CA is to guarantee the identity of a user. This is achieved by issuing an electronic document (the certificate) that contains the information about the user and is digitally signed by the CA with its private key. An authentication manager, such as the Trust Manager, can verify the user identity by decrypting the hash of the certificate with the CA public key. This ensures that the certificate was issued by that specific CA. The Trust Manager can then access the user data contained in the certificate and verify the user identity.Authorization for the CEMon serviceAuthorization in CEMon can be implemented in two different ways (the choice is done at configuration time):
How to block/ban a userIf ARGUS is used as authorization system, ARGUS can be used to ban users.Security recommendations
|