EPICS Controls Argonne National Laboratory

Experimental Physics and
Industrial Control System


Subject: Re: Allowing localhost in access control files
From: Michael Davidsaver via Tech-talk <tech-talk at aps.anl.gov>
To: Simon Rose <Simon.Rose at ess.eu>
Cc: "tech-talk at aps.anl.gov" <tech-talk at aps.anl.gov>
Date: Mon, 13 Jun 2022 07:26:27 -0700
On 6/13/22 06:26, Simon Rose via Tech-talk wrote:
> Hi all -
>
> Is it possible to set up an access security file to allow only CA/PVA requests from the same host as the IOC? One option of course is to use asSetSubstitutions and some variable, but it seems like there should be a more intrinsic way of doing this.
>
> I have attempted using the name “localhost”, asCheckClientIP set to 1, even using 127.0.0.1 as a member of the host access group, but none of these seemed to work.
>
> My two main questions:
>
>   * Is there a better or more canonical way of doing this?
>   * Perhaps more importantly--particularly if we have to use environment variables and substitutions--is there some danger or pitfall about this that we should be careful about?

CA does not automatically use the loopback interface.
There is actually no portable way to do so in the
presence of multiple IOCs.  Linux is the only OS which
(implicitly) gives the loopback interface a broadcast
address.  e.g.

export EPICS_CA_ADDR_LIST=127.255.255.255



> Cheers,
>
> Simon
>
> ______________________
>
> *Simon Rose*
> Software Engineer
> Control System Software and Services
> *European Spallation Source ERIC*
> P.O. Box 176, SE-221 00 Lund, Sweden
> Visiting address: Partikelgatan 2, 224 84 Lund
> Mobile: +46 72 179 23 07
> E-mail: simon.rose at ess.eu
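
The substitution approach mentioned in the question, as an added example that is not part of the original thread: a shell sketch that emits an access security file whose host access group is a macro, plus the matching IOC startup lines with the macro value validated first. The names `local`, `IOCHOST` and `local_only.acf` are chosen for this example, and it assumes host-name matching (asCheckClientIP not set to 1).

```shell
#!/bin/sh
# Added example, not code from the thread or from EPICS Base.
# IOCHOST, "local" and local_only.acf are names chosen for this example.

# Print the access security file. $(IOCHOST) stays literal here; the IOC
# expands it from the asSetSubstitutions() call in the startup script.
# Matching is on the host name the client reports (assumption: the IOC
# is not switched to IP matching with asCheckClientIP).
make_local_acf() {
    cat <<'EOF'
HAG(local) {$(IOCHOST)}
ASG(DEFAULT) {
    RULE(1, READ)  { HAG(local) }
    RULE(1, WRITE) { HAG(local) }
}
EOF
}

# Print the iocsh lines for st.cmd (they must come before iocInit).
#   $1 = host name of the IOC machine, $2 = path of the ACF
# The host name is lower-cased (assumption: the IOC compares host names in
# lower case) and rejected if it holds anything but [a-z0-9.-], so a stray
# '}' or ',' in an environment variable cannot alter the parsed ACF or add
# a second macro definition.
make_startup_lines() {
    host=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case "$host" in
        ''|*[!a-z0-9.-]*) return 1 ;;
    esac
    printf 'asSetFilename("%s")\n' "$2"
    printf 'asSetSubstitutions("IOCHOST=%s")\n' "$host"
}

# Stand-alone run: show both pieces for this machine.
make_local_acf
make_startup_lines "$(uname -n)" local_only.acf ||
    echo "host name not usable as a macro value" >&2
```

Records that name no access security group fall under `ASG(DEFAULT)`, so with this file clients outside `HAG(local)` get no access to them.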


