Product Knowledge Base

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

  • Job Scheduler provides built-in basic user/password authentication:
    • The easiest way to generate the encrypted passwords is to use JOE.
    • This mechanism does not support more elaborated management of user credentials, e.g. password expiration policies.
  • If you want to authenticate users against an LDAP directory, you can set up a web server as a proxy for JOC. 
    • This grant access to JobScheduler exclusively from the localhost and from the web server (see the element <allowed_hosts> in scheduler.xml).
    • If a user wants to access JOC then the address of the proxy server has to be used. Proxy access can be the secured using plugins of the web server (e.g. Apaches LDAP Plugin).

Configuring a Proxy for the Apache Web Server

Load the proxy modules in httpd.conf of the Apache installation:

 LoadModule proxy_module modules/mod_proxy.so
 LoadModule proxy_http_module modules/mod_proxy_http.so

Configure a proxy address:

 <Proxy http://scheduler_host:4444/*
   Order deny,allow
   Allow from all
 </Proxy>
 
 ProxyPass /jobscheduler/ http://scheduler_host:4444/
 ProxyPassReverse /jobscheduler/ http://scheduler_host:4444/

After restarting Apache, JOC should be accessible by using the address

http://proxy_host:80/jobscheduler/.

Configuring Basic Authentication

 <Proxy http://scheduler_host:4444/*> 
   Order deny,allow
   Allow from all
   AuthType Basic
   AuthName "JobScheduler"
   AuthUserFile jobscheduler_password.file
   Require valid-user
 </Proxy>

Create a file jobscheduler_password.file using the htpasswd utility. Store it in the Apache root directory:

 htpasswd -c password.file username

Configuring LDAP Authentication

First, make sure the proxy for JobScheduler is working. Then the proxy can be secured using Apaches LDAP Plugin.

Load LDAP modules:

LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule ldap_module modules/mod_ldap.so

Secure the proxy:

<Proxy http://scheduler_host:4444/*>
AuthzLDAPAuthoritative off
AuthBasicProvider ldap
AuthType Basic
AuthName "LDAP Job Scheduler"
AuthLDAPURL ldap://your_host/ou=People,dc=my-domain,dc=com
require valid-user
</Proxy>

See also

  • No labels