Revision 6e99c5a0 man/ganeti-rapi.sgml
b/man/ganeti-rapi.sgml | ||
---|---|---|
47 | 47 |
|
48 | 48 |
</cmdsynopsis> |
49 | 49 |
</refsynopsisdiv> |
50 |
|
|
50 | 51 |
<refsect1> |
51 | 52 |
<title>DESCRIPTION</title> |
52 | 53 |
|
... | ... | |
81 | 82 |
|
82 | 83 |
</refsect1> |
83 | 84 |
|
85 |
<refsect1> |
|
86 |
<title>ACCESS CONTROLS</title> |
|
87 |
|
|
88 |
<para> |
|
89 |
All query operations are allowed without authentication. Only |
|
90 |
the modification operations require authentication, in the form |
|
91 |
of basic authentication. |
|
92 |
</para> |
|
93 |
|
|
94 |
<para> |
|
95 |
The users and their rights are defined in a file named |
|
96 |
<filename>rapi_users</filename>, located in the <filename |
|
97 |
class="directory">@LOCALSTATEDIR@/ganeti</filename> |
|
98 |
directory. The users should be listed one per line, in the |
|
99 |
following format: |
|
100 |
</para> |
|
101 |
|
|
102 |
<screen>username password options</screen> |
|
103 |
|
|
104 |
<para> |
|
105 |
Currently the <replaceable>options</replaceable> field should |
|
106 |
equal the string <emphasis>write</emphasis> in order to actually |
|
107 |
give write permission for the given users. Example: |
|
108 |
</para> |
|
109 |
<screen>rclient secret write |
|
110 |
guest tespw |
|
111 |
</screen> |
|
112 |
<para>The first user (<userinput>rclient</userinput>) will have |
|
113 |
read-write rights, whereas the second user does only have read |
|
114 |
(query) rights, and as such is no different than not using |
|
115 |
authentication at all.</para> |
|
116 |
</refsect1> |
|
84 | 117 |
&footer; |
85 | 118 |
|
86 | 119 |
</refentry> |
Also available in: Unified diff