This allows user commands to be authenticated via passwords.
To enable this functionality, ecflow must have been built with -DENABLE_SECURE_USER. To check this is the case, please invoke:
| Code Block |
|---|
ecflow_client --version # the output should include *secure_user* |
| Warning |
|---|
Additionally this release, will not be compatible with previous release( i.e built without -DENABLE_SECURE_USER) |
One passwords file each, must be be specified for the client and server. In both cases the file is located via ECF_PASSWD environment variable.
The default internal name of the password file is ecf.passwd, hence the server will by default look for password of name <host>.<port>.ecf.passwd.
The format of the file is the same for both client and server. Is up to the user and server administrator, to set the right permissions on the file.
| Code Block |
|---|
4.5.0 # this is the version number # comment # <user> <host> <port> <passwd> fred machine1 3142 xydd5j fred machine2 3142 xydd5j fred machine3 3142 xydd5jggg |
This format allow a user to have the same file for multiple servers.
The password file for the server must contain at least one user that matches the host and port of the server, otherwise and error is issued, and server can not be started.
If ECF_PASSWD environment variable is specified, then the file is read by the client and server.
Then every client user command, sends the password to the server. The server will then compare the password for the user with its own file. If it matches, the command is authenticated, otherwise the command fails.