EPICS Controls Argonne National Laboratory

Experimental Physics and
Industrial Control System

1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  <20102011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024  Index 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  <20102011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024 
<== Date ==> <== Thread ==>

Subject: Re: access security file
From: Andrew Johnson <[email protected]>
To: [email protected]
Date: Fri, 3 Sep 2010 14:46:18 -0500
Hi Pierrick,

On Friday 03 September 2010 12:59:42 Pierrick Hanlet wrote:
> In the access security file, can one use ip addresses instead of names for
> the hosts? If so, can one use wildcards.  In my example, I want to have
> give an entire subnet READ access, so I want to have
>
> HAG(hag) {123.45.678.*}
>
> I couldn't find the answer in chapter 8 of the Application Developer's
> Guide.

When parsing the access security file, all host-names get converted to lower-
case and then added as a key to a hash table, to make it very efficient to 
look up the HAG from the host-name whenever a new CA client connects to the 
IOC at runtime.  The client host-name that it looks up is provided by the CA 
client machine, I think it's usually the same as the output from 'uname -n' or 
'hostname' run on the client machine.  The name does get lower-cased before 
the hash lookup, but that's the only flexibility you have with the name 
matching â if the client's host-name is domain-qualified, your access security 
file must include the domain in the name too.

This means that you can add lots of host-names to your HAGs without slowing 
the IOC down, but you can't use IP addresses or any kind of wild-card in the 
access security file.  I have clarified this for the next release of the 
AppDevGuide.

There is a make rule in the EPICS build system that allows you to 

- Andrew
-- 
The best FOSS code is written to be read by other humans -- Harald Welte



References:
access security file Pierrick Hanlet

Navigate by Date:
Prev: access security file Pierrick Hanlet
Next: Re: access security file Andrew Johnson
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  <20102011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024 
Navigate by Thread:
Prev: access security file Pierrick Hanlet
Next: Re: access security file Andrew Johnson
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  <20102011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024 
ANJ, 03 Sep 2010 Valid HTML 4.01! · Home · News · About · Base · Modules · Extensions · Distributions · Download ·
· Search · EPICS V4 · IRMIS · Talk · Bugs · Documents · Links · Licensing ·