Experimental Physics and
Industrial Control System
| 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 <2010> 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 | Index | 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 <2010> 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 |
| <== Date ==> | <== Thread ==> |
|---|
| Subject: | Re: VxWorks and Radius Authentication |
| From: | Ralph Lange <[email protected]> |
| To: | Stephen Lewis <[email protected]> |
| Cc: | EPICS Tech Talk <[email protected]> |
| Date: | Thu, 05 Aug 2010 16:33:02 -0400 |
|
For the conserver-server, connecting to the soft IOC under procServ
is exactly the same as connecting to a VME IOC connected to a
terminal server - it opens a telnet connection to a port on the
remote host. If procServ only provides access from localhost, there are two options: 1. The conserver-server connects opening a ssh connection to the softIOC host using a key that is configured to call "telnet localhost nnnn" to connect it to the softIOC. (Or explicitly calling "telnet localhost nnnn" on the other side.) 2. The softIOC host runs a conserver-server locally, which can simply run telnet to get to the softIOC. conserver supports configurations with multiple conserver-servers. Its client (called console) only needs the IP of one of the conserver-servers. When console connects, the conserver-server redirects it to the instance that actually hosts the connection the clients wants to get to. So, on any client machine, typing "console <ioc-name>" connects you to that IOC's console, no matter which conserver-server hosts the connection, no matter if it is a soft IOC or a VME box. The main advantages of putting conserver on top are: - One way to connect to softIOCs and VME IOCs, no configuration on the client machine (other than the IP of one conserver-server) - Authentication / Authorization: password-based auth, allows specifying user groups with different access rights on different consoles - One way of logging all console output (with timestamps) to file or into the syslog protocol - Replay buffer that can show the console activity before you connect - Only one user at a time has write access, all others are read-only, but users with matching authorization may take over a console Ralph 05.08.2010 15:26, Stephen Lewis wrote: How does conserver fit it with procServ? ÂSeems like it is harder to use and very centralized. ÂI use procServ and have a simple shell script that looks up the telnet host/port in a table by IOC name. |
- References:
- VxWorks and Radius Authentication Gary Carr
- Re: VxWorks and Radius Authentication Ralph Lange
- Navigate by Date:
- Prev: Re: How do I install to $prefix/EPICS/bin, $prefix/EPICS/lib etc.? Andrew Johnson
- Next: Re: How do I install to $prefix/EPICS/bin, $prefix/EPICS/lib etc.? Ralph Lange
- Index: 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 <2010> 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024
- Navigate by Thread:
- Prev: Re: VxWorks and Radius Authentication Eric Norum
- Next: Theweb site for the EPICS October meeting is now open. http://www.bnl.gov/epics/ Dalesio, Leo
- Index: 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 <2010> 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024
·
Home
·
News
·
About
·
Base
·
Modules
·
Extensions
·
Distributions
·
Download
·
· Search · EPICS V4 · IRMIS · Talk · Bugs · Documents · Links · Licensing ·