Revision 6e99c5a0 man/ganeti-rapi.sgml
| b/man/ganeti-rapi.sgml | ||
|---|---|---|
| 47 | 47 |
|
| 48 | 48 |
</cmdsynopsis> |
| 49 | 49 |
</refsynopsisdiv> |
| 50 |
|
|
| 50 | 51 |
<refsect1> |
| 51 | 52 |
<title>DESCRIPTION</title> |
| 52 | 53 |
|
| ... | ... | |
| 81 | 82 |
|
| 82 | 83 |
</refsect1> |
| 83 | 84 |
|
| 85 |
<refsect1> |
|
| 86 |
<title>ACCESS CONTROLS</title> |
|
| 87 |
|
|
| 88 |
<para> |
|
| 89 |
All query operations are allowed without authentication. Only |
|
| 90 |
the modification operations require authentication, in the form |
|
| 91 |
of basic authentication. |
|
| 92 |
</para> |
|
| 93 |
|
|
| 94 |
<para> |
|
| 95 |
The users and their rights are defined in a file named |
|
| 96 |
<filename>rapi_users</filename>, located in the <filename |
|
| 97 |
class="directory">@LOCALSTATEDIR@/ganeti</filename> |
|
| 98 |
directory. The users should be listed one per line, in the |
|
| 99 |
following format: |
|
| 100 |
</para> |
|
| 101 |
|
|
| 102 |
<screen>username password options</screen> |
|
| 103 |
|
|
| 104 |
<para> |
|
| 105 |
Currently the <replaceable>options</replaceable> field should |
|
| 106 |
equal the string <emphasis>write</emphasis> in order to actually |
|
| 107 |
give write permission for the given users. Example: |
|
| 108 |
</para> |
|
| 109 |
<screen>rclient secret write |
|
| 110 |
guest tespw |
|
| 111 |
</screen> |
|
| 112 |
<para>The first user (<userinput>rclient</userinput>) will have |
|
| 113 |
read-write rights, whereas the second user does only have read |
|
| 114 |
(query) rights, and as such is no different than not using |
|
| 115 |
authentication at all.</para> |
|
| 116 |
</refsect1> |
|
| 84 | 117 |
&footer; |
| 85 | 118 |
|
| 86 | 119 |
</refentry> |
Also available in: Unified diff