SYNOPSIS

dacs_admin [\m[blue]dacsoptions\m[]\s-2\u[1]\d\s+2]

DESCRIPTION

This program is part of the DACS suite.

The dacs_admin web service is a tool for administering various DACS resources at a jurisdiction. Providing both a browser-based interface and a simple, \m[blue]REST-oriented\m[]\s-2\u[2]\d\s+2 HTTP interface that can be used by middleware, scripts, and web browsers, dacs_admin allows inspection (and sometimes modification) of a jurisdiction's access control rules, configuration directives, group definitions, DACS user accounts, revocation list, version information, authorization cache, DACS log files, user tracking records, and more. An administrator can manage a different jurisdiction simply by aiming a browser or other HTTP client at that jurisdiction's dacs_admin web service.

Probably the best way to understand the tool is to simply use it interactively to browse through a jurisdiction's resources.

Security

This web service provides a way to view and change security-related DACS configuration, DACS passwords, and so on. The default access control rule denies all access to the web service - you must add a custom rule to enable access. All functionality should be restricted to an \m[blue]ADMIN_IDENTITY\m[]\s-2\u[3]\d\s+2.

Notes

Some features of this program may require JavaScript to be enabled in the browser.

dacs_admin will eventually unify and replace several existing different DACS administrative web services. It may also include federation-wide functions, such as the capability of adding a new jurisdiction.

Web Service Arguments

The following web service argument is always recognized:

FORMAT

By default, output is emitted in HTML. Several varieties of XML output can be selected, however, using the FORMAT argument (please refer to \m[blue]dacs(1)\m[]\s-2\u[4]\d\s+2).

Resources and Methods

The interface provided by dacs_admin allows various DACS resources to be examined and modified using standard HTTP methods (see \m[blue]RFC 2616\m[]\s-2\u[5]\d\s+2). Not all DACS resources may be accessible using dacs_admin and not all methods may be valid for some resources.

In keeping with the REST architectural style, every persistent resource is identified by a URI (\m[blue]RFC 2396\m[]\s-2\u[6]\d\s+2 and \m[blue]RFC 3986\m[]\s-2\u[7]\d\s+2). Invoking the GET method on https://www.example.com/cgi-bin/dacs/dacs_admin, for example, will (assuming appropriate configuration and permission) return a list of root-level resources managed by dacs_admin.

Invoking the GET method on a resource either returns a listing (by default, formatted as an HTML list or table) or an unadorned value (by default, formatted as an HTML encoded string). For instance, this URL might return a list of configuration directives and their current values:

https://www.example.com/cgi-bin/dacs/dacs_admin/conf/current

while this URL might return the current value of a particular configuration directive:

https://www.example.com/cgi-bin/dacs/dacs_admin/conf/current/AUTH_SUCCESS

The functionality of dacs_admin is described in terms of resources and methods supported on those resources. Depending on the particular service request, the result consists of an HTTP status code (usually "200 OK", "201 Created", "400 Bad Request", or "404 Not Found"), and possibly an HTML or XML document (selectable). The XML document is described by \m[blue]dacs_admin.dtd\m[]\s-2\u[8]\d\s+2.

Arguments are passed in the query part of a URI. Unrecognized and context-inappropriate arguments are silently ignored.

OPTIONS

Only the standard \m[blue]dacsoptions\m[]\s-2\u[1]\d\s+2 command line arguments are recognized.

FILES

\m[blue]dacs_admin.css\m[]\s-2\u[9]\d\s+2

DIAGNOSTICS

The program exits 0 if everything was fine, 1 if an error occurred.

RELATED TO dacs_admin…

\m[blue]dacsacl(1)\m[]\s-2\u[10]\d\s+2, \m[blue]dacspasswd(1)\m[]\s-2\u[11]\d\s+2, \m[blue]dacs.acls(5)\m[]\s-2\u[12]\d\s+2, \m[blue]dacs_conf(8)\m[]\s-2\u[13]\d\s+2, \m[blue]dacs_group(8)\m[]\s-2\u[14]\d\s+2, \m[blue]dacs_list_jurisdictions(8)\m[]\s-2\u[15]\d\s+2, \m[blue]dacs_passwd(8)\m[]\s-2\u[16]\d\s+2, \m[blue]dacs_version(8)\m[]\s-2\u[17]\d\s+2

AUTHOR

Distributed Systems Software (\m[blue]www.dss.ca\m[]\s-2\u[18]\d\s+2)

COPYING

Copyright2003-2012 Distributed Systems Software. See the \m[blue]LICENSE\m[]\s-2\u[19]\d\s+2 file that accompanies the distribution for licensing information.

NOTES

1.

dacsoptions

http://dacs.dss.ca/man/dacs.1.html#dacsoptions

2.

REST-oriented

http://rest.blueoxen.net/cgi-bin/wiki.pl

3.

ADMIN_IDENTITY

http://dacs.dss.ca/man/dacs.conf.5.html#ADMIN_IDENTITY

4.

dacs(1)

http://dacs.dss.ca/man/dacs.1.html

5.

RFC 2616

http://www.rfc-editor.org/rfc/rfc2616.txt

6.

RFC 2396

http://www.rfc-editor.org/rfc/rfc2396.txt

7.

RFC 3986

http://www.rfc-editor.org/rfc/rfc3986.txt

8.

dacs_admin.dtd

http://dacs.dss.ca/man/../dtd-xsd/dacs_admin.dtd

9.

dacs_admin.css

http://dacs.dss.ca/man//css/dacs_admin.css

10.

dacsacl(1)

http://dacs.dss.ca/man/dacsacl.1.html

11.

dacspasswd(1)

http://dacs.dss.ca/man/dacspasswd.1.html

12.

dacs.acls(5)

http://dacs.dss.ca/man/dacs.acls.5.html

13.

dacs_conf(8)

http://dacs.dss.ca/man/dacs_conf.8.html

14.

dacs_group(8)

http://dacs.dss.ca/man/dacs_group.8.html

15.

dacs_list_jurisdictions(8)

http://dacs.dss.ca/man/dacs_list_jurisdictions.8.html

16.

dacs_passwd(8)

http://dacs.dss.ca/man/dacs_passwd.8.html

17.

dacs_version(8)

http://dacs.dss.ca/man/dacs_version.8.html

18.

www.dss.ca

http://www.dss.ca

19.

LICENSE

http://dacs.dss.ca/man/../misc/LICENSE