• Leigh B Stoller's avatar
    ABAC Speaksfor credential support. · 60274694
    Leigh B Stoller authored
    The CM can now receive either an ABAC or a non-ABAC speaksfor
    credential in the list of credentials. Thanks to Gary for getting
    libabac built on boss so that I could use it! The AM probably needs a
    little bit more work since it has a few V3 places where it does not
    invoke CMV2 directly, but that should be easy to fix; all of the AMV2
    functions will work tough.
    
    Caveat; I don't bother to look at the speaksfor option; if we get a
    speaksfor credential, I figure it was cause the user wants to use it!
    
    I added a hacky script called genspeaksfor to create a proper speaks
    for credential that allows me to speak for another user. For example:
    
    	genspeaksfor -a urn:publicid:IDN+emulab.net+user+leebee \
    	         urn:publicid:IDN+emulab.net+user+stoller
    
    which generates an ABAC speaks for credential that allows me to spead
    for leebee. To use the PG test scripts with this credential:
    
    	createsliver.py* -S speaksfor.cred -s slice.cred
    
    Where slice.cred is a plain slice credential issued to leebee and then
    given to me via an out of band mechanism (:-).
    60274694
credential.xsd 8.53 KB