Dacs administration service
This program is part of the DACS suite.
The dacs_admin web service is a tool for administering various DACS resources at a jurisdiction. Providing both a browser-based interface and a simple, \m[blue]REST-oriented\m\s-2\u\d\s+2 HTTP interface that can be used by middleware, scripts, and web browsers, dacs_admin allows inspection (and sometimes modification) of a jurisdiction's access control rules, configuration directives, group definitions, DACS user accounts, revocation list, version information, authorization cache, DACS log files, user tracking records, and more. An administrator can manage a different jurisdiction simply by aiming a browser or other HTTP client at that jurisdiction's dacs_admin web service.
Probably the best way to understand the tool is to simply use it interactively to browse through a jurisdiction's resources.
This web service provides a way to view and change security-related DACS configuration, DACS passwords, and so on. The default access control rule denies all access to the web service - you must add a custom rule to enable access. All functionality should be restricted to an \m[blue]ADMIN_IDENTITY\m\s-2\u\d\s+2.
dacs_admin will eventually unify and replace several existing different DACS administrative web services. It may also include federation-wide functions, such as the capability of adding a new jurisdiction.
The following web service argument is always recognized:
By default, output is emitted in HTML. Several varieties of XML output can be selected, however, using the FORMAT argument (please refer to \m[blue]dacs(1)\m\s-2\u\d\s+2).
The interface provided by dacs_admin allows various DACS resources to be examined and modified using standard HTTP methods (see \m[blue]RFC 2616\m\s-2\u\d\s+2). Not all DACS resources may be accessible using dacs_admin and not all methods may be valid for some resources.
In keeping with the REST architectural style, every persistent resource is identified by a URI (\m[blue]RFC 2396\m\s-2\u\d\s+2 and \m[blue]RFC 3986\m\s-2\u\d\s+2). Invoking the GET method on https://www.example.com/cgi-bin/dacs/dacs_admin, for example, will (assuming appropriate configuration and permission) return a list of root-level resources managed by dacs_admin.
Invoking the GET method on a resource either returns a listing (by default, formatted as an HTML list or table) or an unadorned value (by default, formatted as an HTML encoded string). For instance, this URL might return a list of configuration directives and their current values:
while this URL might return the current value of a particular configuration directive:
The functionality of dacs_admin is described in terms of resources and methods supported on those resources. Depending on the particular service request, the result consists of an HTTP status code (usually "200 OK", "201 Created", "400 Bad Request", or "404 Not Found"), and possibly an HTML or XML document (selectable). The XML document is described by \m[blue]dacs_admin.dtd\m\s-2\u\d\s+2.
Arguments are passed in the query part of a URI. Unrecognized and context-inappropriate arguments are silently ignored.
Only the standard \m[blue]dacsoptions\m\s-2\u\d\s+2 command line arguments are recognized.
The program exits 0 if everything was fine, 1 if an error occurred.
\m[blue]dacsacl(1)\m\s-2\u\d\s+2, \m[blue]dacspasswd(1)\m\s-2\u\d\s+2, \m[blue]dacs.acls(5)\m\s-2\u\d\s+2, \m[blue]dacs_conf(8)\m\s-2\u\d\s+2, \m[blue]dacs_group(8)\m\s-2\u\d\s+2, \m[blue]dacs_list_jurisdictions(8)\m\s-2\u\d\s+2, \m[blue]dacs_passwd(8)\m\s-2\u\d\s+2, \m[blue]dacs_version(8)\m\s-2\u\d\s+2
Distributed Systems Software (\m[blue]www.dss.ca\m\s-2\u\d\s+2)
Copyright2003-2012 Distributed Systems Software. See the \m[blue]LICENSE\m\s-2\u\d\s+2 file that accompanies the distribution for licensing information.