$CLIENT_PORT = 7653;
This variable represents the port number of the main RATS server
and it should not be changed without consulting the RATS administrator
$SERVER_PORT = 7654;
This is the location of the log file on the logging host
$LOG_FILE="/usr/local/accounts/rats.log";
This is a hash of hosts and the DES keys they use. Note
that each host has a pair of keys separated by a ":". Naturally a ":" is
not a valid character in a key. These keys should be between 0 and
56 characters long.
%DES_KEYS = (
"somehost.rutgers.edu" => "foo:bar",
"otherhost.rutgers.edu" => "key1:key2",
);
Here you can restrict the operations which some hosts can run
on your machines. Hosts not listed here can run ALL API calls.
This example has the calls required for uid synchronization.
%HOST_ACL = (
"somehost.rutgers.edu" => ['GETUID','RESERVE'],
);
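A consistency check over the two hashes above, as an added example that is not part of RATS: it flags key values that are not a ":"-separated pair, keys over 56 characters, and hosts that hold keys but have no HOST_ACL entry and are therefore allowed every API call. The function name audit_hosts and the host newhost.example.edu are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data in the same shape as the configuration above.
my %DES_KEYS = (
    "somehost.rutgers.edu"  => "foo:bar",
    "otherhost.rutgers.edu" => "key1:key2",
    "newhost.example.edu"   => "onlyonekey",   # constructed: no ":" separator
);
my %HOST_ACL = (
    "somehost.rutgers.edu" => ['GETUID', 'RESERVE'],
);

# audit_hosts is a hypothetical helper; it returns one line per finding.
sub audit_hosts {
    my ($keys, $acl) = @_;
    my @findings;
    for my $host (sort keys %$keys) {
        # A valid value is exactly two keys joined by one ":".
        # Limit -1 keeps empty fields, since a key may be 0 characters long.
        my @pair = split /:/, $keys->{$host}, -1;
        if (@pair != 2) {
            push @findings, "$host: expected two keys separated by ':'";
        } else {
            for my $k (@pair) {
                push @findings, "$host: key longer than 56 characters"
                    if length($k) > 56;
            }
        }
        # A host without an ACL entry is not restricted at all.
        push @findings, "$host: no HOST_ACL entry, may run ALL API calls"
            unless exists $acl->{$host};
    }
    # An ACL hostname that matches no key entry may be a misspelling, in
    # which case the intended host is unlisted and unrestricted.
    for my $host (sort keys %$acl) {
        push @findings, "$host: in HOST_ACL but has no DES keys"
            unless exists $keys->{$host};
    }
    return @findings;
}

print "$_\n" for audit_hosts(\%DES_KEYS, \%HOST_ACL);
```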
This hash contains the pairing of all the filesystems on the
host where account creation related tasks may occur and the host they are
located on. Obviously if you want something to happen on that filesystem
you better make sure that the host has a daemon running.
%FS = (
"/home" => "somehost.rutgers.edu",
);
If you have linked filesystems you should list them here. This
allows RATS to find their actual location using the hash above.
%LINKED_FS = (
"/my_cluster/u1" => "/home",
);
These are the locations of various account related files. They are here so you can use test files or other locations.
%ACCT_FILES = (
'group' => '/etc/group',
'passwd' => '/etc/passwd',
'shadow' => '/etc/shadow',
'reserve'=> '/usr/local/accounts/etc/reserve',
);
The files listed above need to be locked at various times. Below
are the lock files which will be created and flock'ed when necessary.
%LOCK_FILE = (
'group' => '/etc/gtmp',
'passwd' =>'/etc/ptmp',
'shadow' =>'/etc/stmp',
'reserve'=>'/usr/local/accounts/etc/rtmp',
);
RATS also uses some temporary files for various manipulations.
%ACCT_FILES_TMP = (
'group' => '/etc/group.temp',
'passwd' => '/etc/passwd.temp',
'shadow' => '/etc/shadow.temp',
'reserve'=> '/usr/local/accounts/etc/reserve.temp',
);
These are the hosts on which various account files are located. Note that the reserve file is implicitly located on the passwd host.
%ACCT_FILES_MASTER = (
'group' => "myhost.rutgers.edu",
'passwd' => "myhost.rutgers.edu",
'shadow' => "myhost.rutgers.edu",
);
Group file entries are usually limited to 1024 characters. Unfortunately they often need to be considerably larger than that. To solve this problem RATS creates secondary group entries using the real group name as a base, appending an extension and a number, and preserving the GID. For example group "staff" could be made out of "staff", "staff-ext0", "staff-ext1" and so on. The string used for the extension will be placed between a hyphen and a number and it is configurable below. It is not advisable to change this after you have started using RATS unless you also change the existing entries in the group file.
$EXT_TOKEN = "ext";
The number of characters allowed in a group entry before the
group gets split. Most OS tools restrict this number to 1024, so anything
less than that would work, unless you make it too small to fit even a
one-user entry.
$GROUP_ENTRY_LENGTH_LIMIT = 900;
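The splitting scheme described above, as an added example that is not RATS's own code. It assumes the limit applies to the whole /etc/group line and uses "*" as the password field; split_group and the sample usernames are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

my $EXT_TOKEN = "ext";
my $GROUP_ENTRY_LENGTH_LIMIT = 900;

# Split one group's member list into group-file lines no longer than $limit.
# The first line keeps the real name; overflow lines are named
# "<name>-<token>0", "<name>-<token>1", ... and all carry the same GID.
sub split_group {
    my ($name, $gid, $members, $token, $limit) = @_;
    my @lines;
    my $n     = -1;                    # -1 while still on the base entry
    my $entry = "$name:*:$gid:";
    my $empty = 1;                     # no member written to $entry yet
    for my $user (@$members) {
        my $candidate = $entry . ($empty ? "" : ",") . $user;
        if (length($candidate) > $limit) {
            # The limit cannot hold even a one-user entry.
            die "limit $limit too small for user $user\n" if $empty;
            push @lines, $entry;
            $n++;
            $entry = "$name-$token$n:*:$gid:";
            $empty = 1;
            redo;                      # retry this user in the new entry
        }
        $entry = $candidate;
        $empty = 0;
    }
    push @lines, $entry;
    return @lines;
}

# Constructed input: 200 ten-character usernames in group "staff", GID 10.
my @users = map { sprintf "user%06d", $_ } 1 .. 200;
my @out = split_group("staff", 10, \@users,
                      $EXT_TOKEN, $GROUP_ENTRY_LENGTH_LIMIT);

# Show each entry name with its line length; every length stays <= 900.
printf "%-12s %d chars\n", (split /:/, $_)[0], length $_ for @out;
```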
MIN_UID is the smallest UID that will ever be given to a user.
UIDs less than this are considered system UIDs.
$MIN_UID = 101;
This is the host to which all logging will be forwarded.
$LOG_HOST = "somehost.rutgers.edu";
When setting the email address for new accounts in the PEOPLE DATABASE,
the email will be set as the username at the host declared below.
$EMAIL_HOST = 'myhost.rutgers.edu';
This is the main accounts data structure. It can contain
0 or more account types. In this case it contains only one account type:
STUDENT. Each of the variables is described below.
%ACCOUNTS = (
'STUDENT' => {
'req_role' => {
'all' => [ 'student'], # must have all these roles
'some' => [], # must have one or more of these
},
'req_campus' => {
'all' => [ 'NB'], # must have all these campuses
'some' => [], # must have one or more of these
},
'req_major' => {
'all' => [], # must have all these majors
'some' => [], # must have one or more of these
},
'roster' => {
'term' => '', # the semester for the classes
'year' => '', # the year for the classes
'all' => [], # must be in all these classes
'some' => [], # must be in at least one of these
},
'authtype' => 'kerberos', # kerberos, enigma, crypt, "string=<string>"
'princ' => 'iid', # principal: iid or username
'kerb_realm' => 'rci.rutgers.edu', # the Kerberos realm for this account type
'shell' => '/bin/tcsh', # shell for this account type
'shadow' => {
'lastchg' => '', #
'minday' => '', #
'maxday' => '', #
'warn' => '', # man shadow for these fields
'inactive' => '', # blank is fine
'expire' => '', #
'flag' => '', #
},
'home' => {
'create' => 1, # create a home dir?
'dir' => '/share/home', # on what FS?
'group' => 'staff', # group of home
'perm' => '0755', # perms of home
'soft' => '5000', # soft quota
'hard' => '10000', # hard quota
},
'mail' => { # if no dir is declared then no quotas
'dir' => '/var/mail',
'soft' => '5000',
'hard' => '10000',
},
'set_other_q' => 0, # Should we set quotas on other file systems?
'groups' => {
'primary' => 'staff', # primary group. goes in /etc/passwd
'secondary'=> [ 'mail', 'sysadmin'], # secondary groups, in /etc/group
},
'update_email' => 1, # update email in PDB?
'email_role' => 'student', # set email for what role
'copy' => { # copy these files
'host' => 'myhost.rutgers.edu', #host which to copy the files
'files' => {
'/etc/rc2' => '.login',
'/etc/rc3' => '.cshrc',
},
},
'link' => { # link these files
'host' => 'myhost.rutgers.edu', #host on which to link the files
'files' => {
'/etc/rc1' => '.bashrc',
},
},
'scripts' => { # once script runs before always script
'script_host' => 'brick.rutgers.edu', # script host
'always_script' => '', # script at end even for old acct
'once_script' => '', # script at end only for new acct
},
'web_display' => 1, # should this account be available for web tool?
},
);
This is the main client host with which all the client tools
will speak. This daemon will forward the requests to the appropriate hosts
if necessary. This daemon is in no way different than all the others.
$MASTER_HOST = 'myhost.rutgers.edu';
This is the main RATS host which handles PDB and KERBEROS requests.
$RATS_MASTER = 'nicto.rutgers.edu';
Location of the scripts. The scripts used at the end of account
creation must be in this directory. This exists so no arbitrary scripts
can be run.
$SCRIPT_DIR = '/usr/local/accounts/scripts';
If UID synchronization with a remote host is used, this is the
host to do it with.
$UID_HOST = "uidhost.rutgers.edu";
Should we allow UID reservations?
$ALLOW_UID_RESERVE = 1;
Should we synchronize the UIDs with a remote host?
$UID_SYNC = 1;
Token to be prepended to kerb princ in password
$KERB_TOKEN = "##";
Token to be prepended to enigma princ in password
$ENIGMA_TOKEN = "###";
Location of various shell locking directories, these can be used
for kerbshell, probshell and so on
%SHELL_LOCKS = (
'kerbshell' => '/usr/local/accounts/slocks/kerbshell',
'normal' => '/bin',
);
The realm used for kerbshell password changes
$KERBSHELL_REALM = 'rci.rutgers.edu';
$USE_ARCHIVE=0;
Where to place archived users
$ARCHIVE_PATH="/share/archive";
What permissions should we give the archive directory if we need
to create it
$ARCHIVE_PERMS = '0700';
What command to use for archive. Make sure that it's in the path.
$ARCHIVE_CMD= "/usr/local/gnu/bin/tar -cPzf";
What extension to use for archive file
$ARCHIVE_EXT= "tgz";
What host to archive on
$ARCHIVE_HOST= "myhost.rutgers.edu";
$RADIUS_DOMAIN = "mydomain";
The file in which the group changing privileges are stored
$PRIVS_FILE = "/usr/local/accounts/group.privs";
The temp file for above
$PRIVS_FILE_TEMP = "/usr/local/accounts/account.privs.tmp";
A script to be run (if it exists) to update yp maps after
group changes.
$YPFILE = "/usr/local/accounts/group.ypmake";
Where do you store the radius auth info?
$RAD_AUTH_FILE = "/usr/local/accounts/users";
The temp file for above
$RAD_AUTH_FILE_TEMP = "/usr/local/accounts/users.tmp";
Hash of people who are group super users. These users' privileges can
never be removed from the web page.
%GROUP_SUPER = (
"myname\@myhost" => "other,slide",
);
$WEB_TIMEOUT = 300000;
The default account for the web pull down menu. This should be
one of the accounts defined in the ACCOUNTS hash, or nothing at all.
If nothing is defined then the first element of the pull down menu
will be random.
$WEB_DEFAULT_ACCT = '';
Should web services be turned off?
$WEB_NO_SERVICE =0;
No service message
$WEB_NO_SERVICE_MSG = <<"END_OF_NO_SERV_MSG";
Web account creation is not currently functioning.
END_OF_NO_SERV_MSG