On 6/13/22 06:26, Simon Rose via Tech-talk wrote:
Hi all -
Is it possible to set up an access security file to allow only CA/PVA requests from the same host as the IOC? One option of course is to use asSetSubstitutions and some variable, but it seems like there should be a more intrinsic way of doing this.
I have attempted using the name “localhost”, asCheckClientIP set to 1, even using 127.0.0.1 as a member of the host access group, but none of these seemed to work.
My two main questions:
* Is there a better or more canonical way of doing this?
* Perhaps more importantly--particularly if we have to use environment variables and substitutions--is there some danger or pitfall about this that we should be careful about?
CA does not automatically use the loopback interface.
There is actually no portable way to do so in the
presence of multiple IOCS. Linux is the only OS which
(implicitly) gives the loopback interface a broadcast
address. eg.
export EPICS_CA_ADDR_LIST=127.255.255.255
Cheers,
Simon
______________________
*Simon Rose*
Software Engineer
Control System Software and Services
*European Spallation Source ERIC*
P.O. Box 176, SE-221 00 Lund, Sweden
Visiting address: Partikelgatan 2, 224 84 Lund
Mobile: +46 72 179 23 07
E-mail: simon.rose at ess.eu <mailto:simon.rose at ess.eu>__
signature_1311191015
- References:
- Allowing localhost in access control files Simon Rose via Tech-talk
- Navigate by Date:
- Prev:
Allowing localhost in access control files Simon Rose via Tech-talk
- Next:
Re: Allowing localhost in access control files Ralph Lange via Tech-talk
- Index:
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
<2022>
2023
2024
- Navigate by Thread:
- Prev:
Allowing localhost in access control files Simon Rose via Tech-talk
- Next:
Re: Allowing localhost in access control files Ralph Lange via Tech-talk
- Index:
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
<2022>
2023
2024
|