Contents
| Section 1: | Tools and Utilities |
| Section 5: | Formats and Conventions |
| Section 7: | Miscellaneous |
| Section 8: | Web Services and CGI |
| HTTP Server: | Apache |
| Articles: | Using InfoCards With DACS |
| Project: | HOME // README // ACKNOWLEDGEMENTS // HISTORY // INSTALL // LICENSE // NOTICES // DTDs |
| Indexes: | Configuration Directives // Functions // Authentication Modules // Concepts // Annotations // Variables // Third-Party Packages |
Section 1: Tools and Utilities
- dacs
- a distributed access control system
[About DACS // About the Manual Pages // Key Concepts // Naming // The dacs Utility // Start-up Processing // Internals // Logging // Audit-Class Log Messages // Tracking User Activity]- dacsacl
- list, check, or re-index access control rules
- dacsauth
- authentication check
[Enhancing SSH Security]- dacscheck
- authorization check
[Advantages // Identities // Objects // Rule Evaluation Context // An Example Application // Comparing dacscheck with dacs_acs]- dacsconf
- display configuration directives
- dacscookie
- create DACS credentials and emit as a cookie
- dacscred
- acquire and manage DACS credentials
- dacsemail
- Simple outgoing email agent
- dacsexpr
- DACS expression language shell and interpreter
- dacsgrid
- administer grid-based one-time passwords
- dacshttp
- perform an HTTP/HTTPS request
- dacsinfocard
- manage InfoCard accounts
- dacsinit
- Configure a minimal DACS federation interactively
- dacskey
- generate encryption keys for DACS
- dacslist
- list jurisdictions
- dacspasswd
- manage DACS accounts
- dacsrlink
- create and administer rule links
- dacssched
- rule-based command scheduling
[Operation]- dacstoken
- administer hash-based one-time passwords
[PINs (Account Passwords) // One-Time Passwords (OTPs) // Accounts // Importing and Exporting OTP Accounts // XML Provisioning Format // KeyUriFormat Provisioning Format]- dacstransform
- rule-based document transformation
[Configuration]- dacsversion
- display version information
- dacsvfs
- access objects through the DACS virtual filestore
- sslclient
- an SSL/TLS client
[Server Identity Verification]
Section 3: Functions and Libraries
- ds
- Dynamic strings and vectors
[Byte Strings // Vectors]
Section 5: Formats and Conventions
- dacs.acls
- DACS access control rules
[Revoking Access and // URL Paths and Service Name Matching // Service Parameters // Constraints // ACL Files // ACL Naming // ACL Syntax // General Structure // Services // Rule Clause Processing // The Precondition Element // Expressions // ACL Rule Elements // The ACL Selection and Evaluation Algorithm]- dacs.conf
- DACS configuration files and directives
[Locating dacs.conf and site.conf // Path Interpolation // File Format // TheDefaultSection // The // Section Merging and Directive Evaluation // The undef() directive // Fatal errors // An example // Jurisdiction // The Effective Jurisdictional // Jurisdiction Selection by URI // Jurisdiction Selection by Jurisdiction Name // Jurisdiction Selection by Default // The Distinguishing URI // Directives // Evaluated Directives // Directive Categories // General Directives // TheAuthClause // TheRolesClause // TheTransferClause // Advanced Techniques // Configuration Variables // Authentication and Roles]- dacs.exprs
- DACS expression language
[Expression Syntax // Comments // Basic Data Types // Variables and Namespaces // Variable Syntax // Variable Modifier Flags // Reserved Namespaces // Lists, Alists, and Arrays // Lists // Alists // Expression Grammar // Operators // Functions]- dacs.groups
- DACS groups
[Role-Based Group Membership // Group Syntax and Semantics // DACS Metadata]- dacs.nat
- Notice Acknowledgement Token specification
[Introduction // Purpose // Design Elements // Terminology // Notational Conventions // Summary // The Notice Acknowlegement Token // NAT Syntax // NAT Names // NAT Reserved Attributes // URI Matching // Cryptographic Elements // Encoding for Transport // Implementation Notes // NAT HTTP Header Syntax // Multiple NATs // Resource Name Mapping // NAT Creation and Merging // Case Sensitivity // Server Autonomy // Minimal Implementation // Middleware Support]- dacs.vfs
- the DACS virtual filestore
[Thevfs_uriand Item Types // Virtual Filestore Details]
Section 7: Miscellaneous
- dacs.install
- DACS installation guide
[Trying DACS // Upgrading DACS // Installation Layout Overview // Installing DACS // Tip // Initial Testing // Build Options // Configure Options // Standard build and install options // Feature selection options // Third-party support options]- dacs.java
- DACS Java support
- dacs.quick
- DACS Quick Start Tutorial
[Step 1: Install required third-party packages // Step 2: Install and configure Apache // Step 3: Build and install DACS // Step 4: DACS-enable Apache // Step 5: Do basic DACS configuration // Step 6: Do basic Apache configuration for DACS // Step 7: Test basic DACS services // Step 8: Try DACS authentication // Step 9: DACS-wrapping a web service // Step 10: What's next? // Step 11: Clean up // Troubleshooting]- dacs.readme
- DACS README
[DACS At a Glance // Supported Platforms // Other Platforms // Warnings // Release Information // Roadmap // Security // Add-on Features // Administration // Related Software // The DACS Java Library (DJL) // The FedAdmin Web Application // Support // Known Problems // Bugs, Suggestions, and Feedback]
Section 8: Web Services and CGI
- autologin
- Convert an Apache identity to a DACS identity
[Web Service Arguments]- cgiparse
- CGI parameter parsing utility
- dacs_acs
- DACS access control service
[Module-to-ACS Protocol // Credentials // Rlinks // Rlink Details // HTTP Authentication // Authorization Caching // XML Output // Variables Available To Rules // Standard Environment Variables // Exported DACS Variables // Exported Environment Variables // About Servlets // The DACS_ACS Argument // The DACS-Status-Line header // The DACS_APPROVAL environment variable]- dacs_admin
- DACS administration service
[Web Service Arguments // Resources and Methods]- dacs_auth_agent
- DACS delegated authentication service
[Web Service Arguments // Operation // Local Mode // Alien Mode]- dacs_auth_transfer
- transfer credentials between federations
[The Identity Transfer Protocol // Overview // Protocol Operation // Implementation // Web Service Arguments // Presentation // Export // Token // Import]- dacs_authenticate
- DACS authentication service
[Authentication // Names // Credentials and Cookies // Web Service Arguments // Auth Clause Directives // Initialization and the Auth Namespace // Authentication Clause Control Flow // Authenticating Using an Expression // Middleware Support // Authentication Modules // local_apache_authenticate // local_cas_authenticate // local_cert_authenticate // local_grid_authenticate // local_http_authenticate // Deprecated // local_ldap_authenticate // local_native_authenticate // local_ntlm_authenticate // local_pam_authenticate // local_passwd_authenticate // local_radius_authenticate // local_simple_authenticate // local_tgma_authenticate // local_token_authenticate // local_unix_authenticate // Roles //RolesClause Directives // Roles Clause Control Flow // Roles Modules // local_roles // local_ldap_roles // local_unix_roles // Related Services]- dacs_autologin_ssl
- use an SSL client certificate to automatically obtain DACS credentials
[Web Service Arguments]- dacs_conf
- display DACS configuration directives
[Web Service Arguments]- dacs_current_credentials
- display DACS credentials
[Web Service Arguments]- dacs_error
- simple error handling utility for DACS
- dacs_group
- DACS group administration
[Web Service Arguments]- dacs_infocard
- Information Card administration
[Web Service Arguments]- dacs_list_jurisdictions
- display information about DACS jurisdictions
[Web Service Arguments]- dacs_managed_infocard
- create a managed Information Card
[Configuration // Web Service Arguments]- dacs_mex
- WS-MetadataExchange responder for Information Cards
[Web Service Arguments]- dacs_notices
- DACS notice presentation and acknowledgement handler
[Operation // Web Service Arguments // Middleware Support // Simple Mode // Secure Mode]- dacs_passwd
- manage private DACS passwords
[Web Service Arguments]- dacs_prenv
- CGI program that displays its environment
[Web Service Arguments]- dacs_select_credentials
- temporarily disable DACS credentials
[Web Service Arguments]- dacs_signout
- DACS signout service
[Web Service Arguments]- dacs_sts
- Secure Token Service for managed Information Cards
[Configuration // Web Service Arguments]- dacs_token
- manage DACS one-time password token accounts
[Web Service Arguments]- dacs_transform
- rule-based document transformation
[Regions // Directive and Attribute Syntax // Negation // Recursion // Directives // Configuration // Web Service Arguments]- dacs_uproxy
- minimal HTTP proxying
[Web Service Arguments // Operation]- dacs_version
- display DACS version information
[Web Service Arguments]- dacs_vfs
- access objects through the DACS virtual filestore
[Web Service Arguments]- dacs.services
- DACS web services
[Standard CGI Arguments for DACS Web Services]- pamd
- PAM transaction server
HTTP Server: Apache
- mod_auth_dacs
- Apache/DACS authentication and authorization module
Annotations
Security Notes
Important Notes
Other Notes
| Apache AuthType, AuthName, and Require directives | Limitations on CGI arguments |
| DACS advisory | Potential password logging when debugging |
Tips
Variables
Configuration Directives
DTDs
These XML DTD skeletons are used only to help document information used by DACS.
access_token.dtd, acl_index.dtd, acl.dtd, auth_reply.dtd, common.dtd, Configuration.dtd, credentials.dtd, crypt_keys.dtd, dacs_acs.dtd, dacs_admin.dtd, dacs_auth_agent.dtd, dacs_auth_reply.dtd, dacs_auth_transfer.dtd, dacs_conf_reply.dtd, dacs_current_credentials.dtd, dacs_group.dtd, dacs_infocard.dtd, dacs_list_jurisdictions.dtd, dacs_notices.dtd, dacs_passwd.dtd, dacs_select_credentials.dtd, dacs_user_info.dtd, dacs_version.dtd, groups.dtd, roles_reply.dtd, selected_credentials.dtd, store_reply.dtd
 |
Font:
|
−− | Set | ++ |