Argonne National Laboratory

Experimental Physics and
Industrial Control System

1994  1995  1996  1997  1998  <19992000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  Index 1994  1995  1996  1997  1998  <19992000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020 
<== Date ==> <== Thread ==>

Subject: Re: X-terminals & EPICS security
From: gcarr@lanl.gov (Gary Carr)
To: TECH-TALK@APS.ANL.GOV
Cc: gpc@lanl.gov
Date: Thu, 21 Jan 1999 09:20:47 -0700
Its fairly easy to configure EPICS security by login account.
We use various captive accounts that have different security restrictions,
for example one of them has only read-only access to data. Our captive
accounts are also setup so that they can only run from selected hosts or
Xterminals.

You might be able to write some scripts to only allow access to certain
accounts from certain X-terminls, and setup EPICS security by the accounts.
Practically speaking the accounts would probably need to be captive. I
don't know if that is a viable solution for you.


At 09:31 AM 1/21/99 -0600, you wrote:
>>From: "Paul Sichta" <psichta@pppl.gov>
>>To: <tech-talk@aps.anl.gov>
>>Subject: X-terminals & EPICS security
>>Date: Wed, 20 Jan 1999 17:07:28 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
>>X-Mailer: Microsoft Outlook Express 4.72.3110.5
>>X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3
> 
>> I want to implement EPICS security to place control restrictions based upon
>> the physical location  (control room, experimental areas)  of our OPI's,
>> which are all  X-terminals 'served' from a single host (Sun).   All of the
>> CA clients are run on our host,  and Channel Access (security) does not
>> 'know' where the medm displays are located.
>> 
>> Is there a way I can configure the access security configuration file to use
>> the names/IP address of the individual X-terminals ?
>> 
>> 
>
>
>No.  I was told <since Channel Access Security was born> that to implement
this
>feature would make it difficult to port to other operating systems. I was
>encouraged to do this with "prudent system administration" rather than 
>channel access security. I never figured out how to do that either.
>
>
>
>	Ned
>	



Navigate by Date:
Prev: Re: Slow booting ioc Marty Kraimer
Next: Re: X-terminals & EPICS security Ralph Lange
Index: 1994  1995  1996  1997  1998  <19992000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020 
Navigate by Thread:
Prev: Re: X-terminals & EPICS security Ralph Lange
Next: RE: X-terminals & EPICS security Jeff Hill
Index: 1994  1995  1996  1997  1998  <19992000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020 
ANJ, 10 Aug 2010 Valid HTML 4.01! · Home · News · About · Base · Modules · Extensions · Distributions · Download ·
· Search · EPICS V4 · IRMIS · Talk · Bugs · Documents · Links · Licensing ·