...
In ecflow 5 this functionality is enabled by default(when open ssl libs are found), however, in ecflow 4 this must have been built with -DENABLE_SECURE_USER. To check this is the case, please invoke:
...
| Warning | ||
|---|---|---|
| ||
Additionally, this release, will not be compatible with the previous release( i.e. built without -DENABLE_SECURE_USER) |
One password file each, must be be specified for the client and server. In both cases, the file is located via ECF_PASSWD environment variable.
The default internal name of the password file is ecf.passwd, hence the server will by default look for the password of name <host>.<port>.ecf.passwd.
The format of the file is the same for both client and server.
| Warning |
|---|
Is up to the user and server administrator, to set the right permissions on the file. |
| Code Block | ||
|---|---|---|
| ||
4.5.0 # this is the version number # comment # <user> <host> <port> <passwd> fred machine1 31423141 xydd5j fred machine2 31423141 xydd5j fred machine3 31423141 xydd5jggg |
This format allows the same same file to be used for multiple servers.
| Code Block | ||
|---|---|---|
| ||
4.5.0 user1 machine1 3141 sdfrg user2 machine1 3141 ssdft user3fred machine1 3141 ggsdsdxydd5j |
The password file for the server must contain at least one user that matches the host and port of the server, otherwise and , an error is issued, and the server can not be started.
...
Every client user command , sends the password to the server. The server will then compare the password for the user with its own. If it matches, the command is authenticated, otherwise, the command fails.
If the password is set on the server, but not on a client, then that user will be denied all access.
The password file can be reloaded to add/remove users. However, only users who appear in the password file , can do this.
| Code Block | ||
|---|---|---|
| ||
ecflow_client --reloadpasswdfile |
...