Re: Other Access Security implementations?

["Konrad, Martin" <konrad@frib.msu.edu>]

Hi Ralph,
As Miroslav pointed out, depending on a central server adds latency and
a single point of failure. On the other hand managing access security
rules in a central spot is certainly beneficial. At FRIB we are
currently maintaining our ACF files in a central Git repo that gets
replicated onto each IOC machine's local disk (Puppet takes care of that
for us). IOCs point to one of the files in this directory (e.g. RF.acf).

If our rules files become more complex in the future we might need to
consider generating them using some tool that comes with a decent
template engine. Since we are already using Puppet for managing our
configuration files/IOCs this might be the way to go for the future.
Using an appropriate Hiera data backend, Puppet could pull data from any
data source (e.g. YAML files, SQL, LDAP,...). Maybe you have a similar
configuration-management tool you can leverage?

-Martin

-- 
Martin Konrad
High Performance Controls Team Leader
Facility for Rare Isotope Beams
Michigan State University
640 South Shaw Lane
East Lansing, MI 48824-1321, USA
Tel. 517-908-7253
Email: konrad@frib.msu.edu