Configuring MyAuthServer

The authentication server at SSRL is integrated with the web server applications. We have provided MyAuthServer, a simple stand-alone replacement application which you may find easier to configure and install than a full web server based application.

First, edit the dcsconfig/data/default.config or dcsconfig/data/beamline.config file and modify the following tags to indicate the listening port and host for the authentication server:

      auth.host=localhost
      auth.port=17000
      auth.secureHost=localhost
      auth.securePort=17001

Currently, MyAuthServer does not open a secure listening channel, secureHost and securePort will not affect MyAuthServer.

In the MyAuthServer/src directory, edit the users.txt file and add a new line for each user that should be able to access your beam line. A line with starting with a "#" is treated as a comment line.

An entry for user should be in the following generic format:

login,name,phone,title,beamlines,staff,roaming,enabled,sessionID,password

where

• The login is the unix login account name for the user.

• The name is the user's full name that will be shown in the Blu-Ice user's tab when the user connects to dcss.

• The phone is not really used anymore.

• The beamlines parameter indicates which beam line the user is allowed to connect to. If a beamline of ALL is used in the field, the user will be able to connect to all beamlines.

• The staff parameter should be either TRUE or FALSE. If TRUE, this parameter will enable access to the Setup Tab and provide access to motors which are configured as "staff only".

• The roaming parameter should be either TRUE or FALSE. If TRUE, this parameter will enable the user to become "active" while running Blu-Ice from a remote console.

• The sessionID parameter is an alpha-numeric string value that is returned to the client after a successful login. Programs that wish to validate that the user will check with the MyAuthClient to make sure that the sessionID and the username match. Note: The SessionID's must be unique for each user. Please change the sessionID from the example given in the users.txt file.

• The password parameter is a base64 encoding of the "username:password". It would be a good idea to keep this password different from the user's unix login password.

  Here is an example of how to generate a base64 encoded password using the TCL shell:

     >tclsh
     % package require base64
     2.2.1
     % ::base64::encode tigerw:birdie
     dGlnZXJ3OmJpcmRpZQ==