/etc/root/system.rootdaemonrc is in root-system-common 5.34.30-0ubuntu8.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 | #
# $ROOTSYS/etc/system.rootdaemonrc, $HOME/.rootdaemonrc
# This files describe the names of the hosts for which
# the allowed authentication methods are not the default ones
# as specified in system.rootrc (if any).
# This file is used by the 'rootd', 'proofd' and 'sockd' daemons
# ('sockd' indicates servers run from ROOT interactive sessions
# via teh TServerSocket class).
#
# If existing, $HOME/.rootdaemonrc has priority over
# $ROOTSYS/etc/system.rootdaemonrc
#
# Format:
# - lines starting with '#' are comment lines.
#
# - hosts can specified either with their name (eg. pcepsft43),
# their FQDN (eg, pcepsft43.cern.ch) or their IP address
# (eg 137.138.99.73).
#
# - host names can be followed by :rootd, :proofd or :sockd to define
# directives applying only to the given service
#
# - directives applying to all host can be specified either by
# 'default' or '*'
#
# - the '*' character can be used in any field of the name to indicate
# a set of machines or domains, e.g. pcepsft*.cern.ch applies to all
# 'pcepsft' machines in the domain 'cern.ch'. (to indicate all
# 'lxplus' machines you should use 'lxplus*.cern.ch' because
# internally the generic lxplus machine has a real name of the form
# lxplusnnn.cern.ch; you can also use 'lxplus' if you don't care
# about domain name checking).
#
# - a whole domain can be indicated by its name, eg 'cern.ch',
# 'cnaf.infn.it' or '.ch'
# - truncated IP address can also be used to indicate a set of
# machines; they are interpreted as the very first or very last
# part of the address; for example, to select 137.138.99.73,
# any of these is valid: '137.138.99', '137.138', '137', '99.73';
# or with wild cards: '137.13*' or '*.99.73'; however, '138.99'
# is invalid because ambiguous.
#
# - the information following the name or IP address indicates, in order
# of preference, the short names or the internal codes of authentication
# methods accepted for requests coming from the specified host(s); the
# ones implemented so far are:
#
# Method short name code
#
# UsrPwd usrpwd 0
# SRP srp 1
# Kerberos krb5 2
# Globus globus 3
# SSH ssh 4
# UidGid uidgid 5 (insecure)
#
# (The insecure method is intended to speed up access within a cluster
# protected by other means from outside attacks; should not be used for
# inter-cluster or inter-domain authentication).
# Methods non specified explicitly are not accepted.
# For the insecure method it is possible to give access only to a
# specific list of users by specifying the usernames after the method
# separated by colons (:) example:
#
# uidgid:user1:user2:user3
#
# will allow uidgid access only to users user1, user2 and user3.
# This is useful to give easy access to data servers.
#
# It is also possible to deny access to a user by using a '-' in front of
# the name:
#
# uidgid:-user4
#
# - Lines ending with '\' are followed by additional information for the
# host on the next line; the name of the host should not be repeated.
#
# Example of allowing machines in the cern.ch domain to authenticate
# using SSH (as preferred method) followed by the Globus and UsrPwd methods;
# in this case, attempts to use SRP, Kerberos or UidGid methods will be
# rejected; however, the accepted methods will be communicated to the client
# and an automatic retry is attempted if the client can use any of them
# (negotiation).
#
# Valid examples:
#
# default none
# default ssh 0 uidgid
# 137.138. 4 0
# pceple19.cern.ch 4 1 3 2 5 0
# lxplus*.cern.ch 4 1 globus 0:qwerty:uytre 5
# pcep*.cern.ch:rootd 4 1 5:qwerty
#
# Everything allowed from the local host (for testing)
#
127.0.0.1 4 0 3 1 2 5
#
# secure methods allowed by default
default usrpwd ssh krb5 globus
|