https://github.com/root-project/root
Tip revision: f7ba9bfe7439ce1ebd9df172a11c6ab1b96cf388 authored by Danilo Piparo on 27 November 2023, 20:22:19 UTC
"Update ROOT version files to v6.28/10."
"Update ROOT version files to v6.28/10."
Tip revision: f7ba9bf
rootauthrc.in
#
# etc/system.rootauthrc
#
# NB: this file contains system defaults read only in the case the
# $HOME/.rootauthrc is non-existing or non-readable. Its content
# can be included in the private $HOME/.rootauthrc using the
# include directive (see below). The location of the private file
# can be changed by setting the environment variable ROOTAUTHRC
# to the appropriate absolute file pathname.
#
# This file contains information about authentication methods available for
# authentication vis-a-vis of a given host. It allows to define host specific
# methods and defaults for the info (username, certificates, ...) to be used.
# The information specified here superseeds the one found in .rootrc.
#
# Format:
# - lines starting with '#' are comment lines.
#
# - lines of the form 'include <file>' allow to include other files
# of this kind which are expanded exactly at the point where the
# 'include' appears; environment variables are supported, eg
# include $ROOTSYS/etc/system.rootauthrc
#
# - lines of the form:
#
# <host> [user <username>] <key> <info>
#
# where <host> is the host(s) identifier (see below), <key> is an
# option key and <info> is the relevant info whose format depends
# on <key>; 'user' indicates the username to whom the information
# applies; if absent, the info applies to all users.
#
# <host>:
# - hosts can specified either with their name (e.g. pcepsft43),
# their FQDN (e.g. pcepsft43.cern.ch) or their IP address
# (e.g. 137.138.99.73).
# - if <host>=default or <host>='*' the following <key> <info>
# applies to all hosts, unless host-specific entries are found.
# - the '*' character can be used in the any field of the name to
# indicate a set of machines or domains, e.g. pcepsft*.cern.ch
# applies to all 'pcepsft' machines in the domain 'cern.ch'
# (to indicate all 'lxplus' machines you should use 'lxplus*.cern.ch'
# because internally the generic lxplus machine has a real name of
# the form lxplusnnn.cern.ch; you can also use 'lxplus' if you
# don't care about domain name checking)
# - a whole domain can be indicated by its name, eg 'cern.ch',
# 'cnaf.infn.it' or '.ch'
# - truncated IP address can also be used to indicate a set of
# machines; they are interpreted as the very first or very last
# part of the address; for example, to select 137.138.99.73,
# any of these is valid: '137.138.99', '137.138', '137`, '99.73';
# or with wild cards: '137.13*' or '*.99.73`; however, '138.99'
# is invalid because ambigous.
#
# <key> <info>:
# - valid keys are 'list' and 'method';
# - if <key>=list, <info> contains the list of codes or short names for
# methods that can/should be tried for authentication wrt to <host>,
# in order of preference.
# Available methods are:
#
# Method short name code
#
# UsrPwd usrpwd 0
#
# Example of a valid 'list' line:
#
# default list 0
# lxplus*.cern.ch list usrpwd
#
# The first line defines as default method UsrPwd.
#
# Having a line 'list' for a host is non mandatory: methods can
# also be defined directly via 'method' lines (see below); in
# such a case the first 'method' line will define the preferred
# method and so on.
#
# - if <key>=method, <info> contains
# + a method code --> mandatory, must be in the valid range
# + a prompt flag --> optional, identified by the key 'pt:',
# e.g. pt:yes
# values: 'yes' or 1, 'no' or '0'
# + a reuse flag --> optional, identified by the key 'ru:',
# e.g. ru:no
# values: 'yes' or 1, 'no' or '0'
# + some relevant information for authentication (optional,
# see below)
#
# The 'prompt' flag defines whether the user should be prompted
# for the relevant authentication details each time an
# authentication with the corresponding method is attempted.
# Default is 'yes', superseeded by the related entry in '.rootrc' .
# The 'reuse' flag determines if a successful authentication will
# be later re-used without prompting (e.g. when the user tries
# to access the same host with same method during the same
# session: this allows to speed up operation in case of multiple
# access). Default is 'yes' for methods 0 (UsrPwd), superseeded
# by the related entries in '.rootrc'.
# 'reuse' will be af no advantage and 'prompt' is not allowed for
# security reasons. The format for the default info depends on
# the method:
#
# Method Format info
#
# UsrPwd us:<username> cp:<crypt_option>
#
# The key 'us' allows to specify a target username different from
# the local username (which is the default target username); the
# value specified via 'us' is superseeded by any user information
# passed through the constructor, e.g. <user> in TFTP("<user>@<host>").
#
# The additional keys for UsrPwd specify:
# 'cp' whether to encrypt the password with a public key (default)
# or not (slighty faster), values are 'yes' or '1' for YES,
# 'no' or '0' for NO (case sensitive);
#
# Example of valid 'method' lines:
#
# default list 0
# default user asdfgh method usrpwd pt:1 ru:no
# include local/myrootauthrc
# include $ROOTSYS/etc/system.rootauthrc
#
# The first line states that, unless differently specified,
# the first method to be tried for autentication is UsrPwd.
# The second line specifies that, for UsrPwd authentication, user
# 'asdfgh' will get a prompt with default username 'asdfgh' and
# that a successful authentication will not be reused
# The third directive includes the content of the file
# myrootauthrc located in the subdirectory local of the
# directory where the intercative root session was started.
# The fourth directive includes the content of the system
# defaults.
#
# - Finally, also supported are lines of the form:
#
# proofserv <host1>[:<user1>][:<method1>[:...[:<methodn>]]] \
# <host2>[:<user2>][:<method1>[:...[:<methodn>]]] \
# ... <hostn>[:<usern>][:<method1>[:...[:<methodn>]]]
#
# which are active only for PROOF sessions and specify the list of hosts
# for which the authentication info should be transmitted to the slaves
# of the PROOF cluster; these directives are useful, for example, in
# the case of data servers external to the PROOF cluster that you may
# want to access via a given 'user' and a given authentication 'method';
# 'user' and 'method' are not mandatory; for each <host> (an user, method)
# specified with 'proofserv' all the information that can be collected
# from the rest of the .rootauthrc file is sent to slaves via the master
#
#
default list usrpwd