Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ### Authenticated ACL - those applies only when the client
- ### has a valid certificate and is thus authenticated
- # allow nodes to retrieve their own catalog (ie their configuration)
- path ~ ^/catalog/([^/]+)$
- method find
- allow $1
- # allow nodes to retrieve their own node definition
- path ~ ^/node/([^/]+)$
- method find
- allow $1
- # allow all nodes to access the certificates services
- path /certificate_revocation_list/ca
- method find
- allow *
- # allow all nodes to store their reports
- path /report
- method save
- allow *
- # inconditionnally allow access to all files services
- # which means in practice that fileserver.conf will
- # still be used
- path /file
- allow *
- ### Unauthenticated ACL, for clients for which the current master doesn't
- ### have a valid certificate
- # allow access to the master CA
- path /certificate/ca
- auth any
- method find
- allow *
- path /certificate/
- auth any
- method find
- allow *
- path /certificate_request
- auth any
- method find, save
- allow *
- # this one is not stricly necessary, but it has the merit
- # to show the default policy which is deny everything else
- path /
- auth any
- #### NEED TO ALLOW * TO WORKAROUND AUTHENTICATION FAILURE
- allow *
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement