I am wondering if someone can help clarify something for me.

I have been reading the documentation regarding authentication and
security in Fedora, and the sample policy on this page
http://www.fedora.info/download/2.2/userdocs/server/security/xacml-policies/examples/example-repository-policies/apia-tighten-defaults/apia-restrict-all-methods/deny-apia-if-not-tomcat-role.xml
has the info below, which mentions the tomcat-users.xml:

"<Policy PolicyId="deny-apia-if-not-tomcat-role"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"
xsi:schemaLocation="urn:oasis:names:tc:xacml:1.0:policy
http://www.fedora.info/definitions/1/0/api/cs-xacml-schema-policy-01.xsd">
        <!-- ********************************************************************************************************************************************************* -->
        <!-- This policy will DENY access to ALL API-A methods to users who are NOT in the administrator or professor ROLES. -->
        <!-- ********************************************************************************************************************************************************* -->
        <!-- NOTE:  User ROLES are defined using custom Fedora attributes in the tomcat-users.xml file. -->
        <!-- See the Fedora system documentation on Tomcat Authentication for details of how to specify custom attributes -->
        <!-- (such as 'fedoraRole') in the tomcat-users.xml file. -->
        <!-- ********************************************************************************************************************************************************* -->"

When I read the documentation for Fedora 2.2 (
http://www.fedora.info/download/2.2/userdocs/server/security/AuthorizationXACML.htm#ATTR
), though, there is no mention of tomcat-users.xml, but it does mention
the fedora-users.xml.

Should the above sample policy refer to the fedora-users.xml instead of
tomcat-users.xml?

The documentation for Fedora 2.1
http://www.fedora.info/download/2.1b/userdocs/server/security/AuthorizationXACML.htm#ATTR
does mention the tomcat-users.xml.  Is that still valid in 2.2?

My real question is: can Fedora use container-based security, or is it
just reading these XML files to get user/role info?

We are developing a Drupal module as a frontend for Fedora, and we are
thinking that a custom realm for Tomcat that actually uses Drupal's
database to determine roles, etc., instead of the tomcat-users.xml or the
fedora-users.xml file, may solve some of our problems.

Thanks,
Paul



_______________________________________________
Fedora-commons-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
