Hi Sharon, Thanks for helping me!
I've got the machine level security working now, but I want to be able to seperate things better. My users fall mostly in 5 categories - administrators, developers, QA, support, and everybody else. They have some access to all machines, and my idea is to use STAF not only to run SW tests, but to offer different subsets of services to different user groups. So, you say that the way to use userlevel trust they need to first create a handle and then use that in other service requests? But handle creation requires level 5 trust as well, doesn't it? Is the way forward that I as admin create a number of static handles for people to use? /jan Sharon Lucas wrote: > The USERNAME variable for for a PROCESS START request says to start a > process as another user (the username specified). It has absolutely > nothing to do with STAF trust. You don't need to specify a USERNAME > option on a PROCESS START request unless you need to run a process as a > different user that the user that was logged on when STAFProc was started. > > STAF trust is determined by the machine/user that is submitting a STAF > service request. I recommend that you first use machine trust and get > familiar with it before trying to use user trust. Machine trust uses > TCP/IP hostnames (e.g. client1.company.com) or IP addresses. So, in order > for machine client1.company.com to be able to submit a STAF PROCESS START > request on machine client2.company.com, machine client2.company.com must > give trust level 5 to machine client1.company.com. For example, machine > client2.company.com's STAF.cfg file would need to have the following entry > : > > TRUST LEVEL 5 MACHINE client1.company.com > > User trust is a more advanced topic and requires that you have an > authenticator for your users registered in the STAF.cfg file on all > machines using STAF. STAF provides a sample user authenticator which you > could use. User trust requires that you authenticate the STAF handle that > you use to submit service requests to STAF services (like a PROCESS START > request). You can authenticate a STAF handle using the HANDLE service's > AUTHENTICATE request and specifying the user and its credentials and the > authenticator you're using. > > -------------------------------------------------------------- > Sharon Lucas > IBM Austin, luc...@us.ibm.com > (512) 286-7313 or Tieline 363-7313 > > > > > agou <a...@talktalk.net> > 01/20/2009 09:33 AM > > To > staf <staf-users@lists.sourceforge.net> > cc > > Subject > [staf-users] Trust? > > > > > > > I have just started on learning how to use staf, and one of the first > questions I have is about trust. I understand I can set trust on > userlevel etc, but how do I actually do something under a given user? I > tried the process service like: > > process start command xxx username uuu password ppp > > - but the response tells me that I need to have trust level 5 to access > the process service. I have already set up trust level 5 for the user, > so I must have done it wrong: > > trust level 5 user uuu > > Am I just being stupid? > > /jan > > ------------------------------------------------------------------------------ > This SF.net email is sponsored by: > SourcForge Community > SourceForge wants to tell your story. > http://p.sf.net/sfu/sf-spreadtheword > _______________________________________________ > staf-users mailing list > staf-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/staf-users > > ------------------------------------------------------------------------------ This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword _______________________________________________ staf-users mailing list staf-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/staf-users
