UNICORE XUUDB Service Reference Card
Functional description
The UNICORE XUUDB is a SOAP (over HTTP) web service providing attributes to be used for authorization purposes in the UNICORE/X server.
It has two public web service interfaces for
- querying the XUUDB by X509 certificate or just the X500 name (DN)
- administering the XUUDB (adding, updating, removing entries)
Daemons running
The XUUDB server is a single process.
Init scripts and options (start|stop|restart|...)
The service is started and stopped using shell scripts in the bin/ folder of the installation.
If installed via a Linux distribution package, e.g. RPM or .deb, the service can be started with /etc/init.d/unicore-xuudb {start|stop|restart}.
Configuration files location with example or template
Configuration files are in the conf/ folder of the installation.
- xuudb_server.conf : XUUDB server settings (key/truststore, host/port, etc)
- xuudb.acl : list of trusted X500 names that may administer the XUUDB
- logging.properties : XUUDB server logging settings
- xuudb_client.conf : administrative client configuration
- client_logging.properties : administrative client logging config
If installed via a Linux distribution package, e.g. RPM or .deb, the configuration files will be located in /etc/unicore/xuudb.
Logfile locations (and management) and other useful audit information
Logfiles are by default placed in the logs/ directory in the installation, and rolled over daily. Details can be controlled in the logging.properties file.
If installed via a Linux distribution package, e.g. RPM or .deb, the log files will be written to /var/log/unicore/xuudb, to which the unicore user created by this package has write access.
Open ports
- the XUUDB listener port, configured in the xuudb_server.conf file (default: 34463).
Possible unit test of the service
Unit tests are part of the build procedure and executed automatically.
When running, the service can be tested by executing the admin.sh script to list the XUUDB content (execute "admin.sh list", or "unicore-xuudb-admin list" if XUUDB was installed with RPM or .deb).
Where is service state held (and can it be rebuilt)
The data is kept on the file system (using an embedded database engine) in the data/ directory in the installation.
If installed via a Linux distribution package, e.g. RPM or .deb, then the service state will be held in /var/lib/unicore/xuudb.
Cron jobs
N/A
Security information
Access control Mechanism description (authentication & authorization)
The two XUUDB web services are secured in different ways.
- query : is possible for all clients (i.e. end users or UNICORE/X servers!) having a trusted certificate
- admin : requires a matching entry in the xuudb.acl file
How to block/ban a user
Revoke the certificate. For the admin interface, remove the entry from the xuudb.acl file.
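A check to run after removing an admin entry, as an added example that is not part of the XUUDB distribution: it confirms the DN is gone from xuudb.acl and that the file cannot be edited by group or other users. It assumes the ACL holds one X500 name per line with '#' comment lines; the function names are hypothetical, and the comparison is textual (trimmed, case-insensitive), which may differ from how the server itself matches names.

```shell
#!/bin/sh
# Added example: audit an XUUDB admin ACL file after a ban.
# Assumption: one X500 name (DN) per line, '#' starts a comment line.

# Print the active (non-comment, non-blank) entries, whitespace-trimmed.
xuudb_acl_entries() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" \
        | grep -v -e '^#' -e '^$' || true
}

# Return 0 if the ACL passes all checks, 1 otherwise. Findings go to stdout.
#   $1 = path to xuudb.acl
#   $2 = DN that must no longer be listed (optional)
xuudb_acl_audit() {
    acl=$1 banned=${2:-} rc=0
    [ -r "$acl" ] || { echo "FAIL cannot read $acl"; return 1; }

    # Whoever can write this file can grant themselves the admin interface.
    if [ -n "$(find "$acl" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "FAIL $acl is group- or world-writable"; rc=1
    fi

    # The admin ban only holds once the DN is absent from the file.
    if [ -n "$banned" ] && xuudb_acl_entries "$acl" | grep -qiFx -- "$banned"; then
        echo "FAIL banned DN still listed: $banned"; rc=1
    fi

    # Duplicate lines are easy to miss when removing a single entry by hand.
    dups=$(xuudb_acl_entries "$acl" | sort | uniq -d)
    if [ -n "$dups" ]; then
        echo "WARN duplicate entries:"; echo "$dups"
    fi

    echo "INFO $(xuudb_acl_entries "$acl" | wc -l | tr -d ' ') admin DN(s) listed"
    return $rc
}

# Run directly: sh audit.sh /path/to/xuudb.acl ["DN to verify as removed"]
if [ $# -gt 0 ]; then
    xuudb_acl_audit "$@"
fi
```

For a packaged installation the file to pass in is the xuudb.acl under /etc/unicore/xuudb. DNs written in a different but equivalent form will not match textually and need a manual look.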
Network Usage
The XUUDB listens for client requests on a single port.
Firewall configuration
n/a
Security recommendations
Do not run as root.
Security incompatibilities
None known.
List of externals (packages are NOT maintained by Red Hat)
n/a
Other security relevant comments
n/a
Utility scripts
n/a