DACS.README(7) | DACS Miscellaneous Information | DACS.README(7) |
NAME
dacs.readme - DACS README
DESCRIPTION
This file is part of the DACS suite.
After reviewing this document, it will be beneficial to look at these important documents:
NO WARRANTY
This software is provided by DSS "as is" and any express or implied warranties, including, but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement, are disclaimed. In no event shall DSS be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of such damage.
DACS At a Glance
DACS is:
For developers, DACS makes access control functionality available through the command line, allowing scripts (Perl, PHP, shell, etc.) to make data-driven access control decisions rather than program-driven ones. This can be used completely independently of the web functionality and without dealing with run-time configuration of DACS. Please see dacscheck(1)[7]. DACS also provides web services from which single sign-on systems can be constructed.
For web sites, DACS can help manage access to web resources in many situations, whether you have just one web server, several web servers at one site, or many web servers spread across the Internet. You may find it to be useful simply as a universal authentication mechanism for a single Apache server or as a full-fledged, single sign-on multi-server identity management and access control system.
Tip
If you are interested in dacscheck(1)[7] or the general-purpose DACS utilities (e.g., dacshttp(1)[8], sslclient(1)[9]) but are not interested in web services or Apache, refer to the instructions in dacs.install(7)[4].
The DACS home page is at https://dacs.dss.ca. DACS was hosted as a SourceForge[10] project at http://sourceforge.net/projects/dacs, but that has not been used since 2013.
Supported Platforms
DACS is currently developed and tested:
Important
DACS 1.4.40 is the final version to officially support the Apache 2.2 series. Future releases of DACS will not be maintained, tested, or documented with Apache 2.2 series servers.
FreeBSD 10.3 is the primary development platform. For this reason, references to Unix manual pages throughout the DACS documentation cite the FreeBSD documentation. This should not matter much if you are using a different platform, but keep this in mind.
Most DACS installations are on Linux or FreeBSD platforms. Support for macOS is comparatively recent.
Note
Other Platforms
DACS is not officially supported on platforms other than those described above. Recent releases have built and worked correctly on other platforms, but because we do not have ready access to them, or due to lack of interest, we no longer test on them.
Up to and including version 1.4.25, DACS was tested and used on Solaris 10[16] (OpenSolaris[17] 2008.11, SunOS 5.11, x86[18]). Solaris is no longer supported. Early versions of DACS were used on Solaris 8 (SPARC) and Solaris 10 (SPARC) platforms. A wide variety of build, install, and run-time problems were encountered with third-party packages on the OpenSolaris and SPARC platforms. Depending on which third-party software your DACS configuration requires, or if you are prepared to try older versions of third-party software or devote extra effort, you may have some success running DACS on these platforms, but in general we cannot recommend using these platforms for DACS in production settings and they are no longer officially supported. Comments specific to Solaris remain in the DACS documentation but will likely be removed in a future release, as will configuration and build capabilities.
Earlier releases of DACS compiled and (mostly) installed cleanly on WinXP/Cygwin[19] 1.7.5 and later with GCC 4.3, but starting with DACS 1.4.26, Cygwin[19] is no longer used for testing DACS. Comments specific to Cygwin that remain in the DACS documentation will likely be removed in a future release, as will configuration and build capabilities. Regarding Cygwin and earlier versions of DACS:
We expect that DACS will also run on other varieties of Unix and with other browsers. No testing is done with very old browsers, however. We would appreciate reports of problems encountered while building or running DACS on unofficial platforms so that we can address portability issues and support these platforms better.
Warnings
Please read this section carefully!
Security
OpenSSL's dgst command can be used to compute checksums; for example,
% openssl dgst -md5 dacs-1.4.32.tgz
% openssl dgst -sha1 dacs-1.4.32.tgz
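One way to turn the dgst commands above into a fail-closed check against a published checksum, as an added example that is not part of the DACS distribution or its documentation. The helper names compute_digest, verify_digest and demo_verify and the sample file are constructed for illustration; the algorithm argument is passed straight to openssl dgst, so sha256 works the same way where a SHA-256 value is published.

```shell
#!/bin/sh
# Added example (not from the DACS distribution): compare a file's digest
# with a published value and fail closed on any mismatch or error.
# compute_digest, verify_digest and demo_verify are hypothetical helper names.

# compute_digest ALGO FILE -> lowercase hex digest on stdout
compute_digest() {
    # -r prints "<hex> *<file>", so the digest is everything before the
    # first space regardless of how this OpenSSL build labels the algorithm.
    out=$(openssl dgst "-$1" -r "$2" 2>/dev/null) || return 2
    printf '%s\n' "${out%% *}" | tr 'A-F' 'a-f'
}

# verify_digest ALGO FILE EXPECTED_HEX
# returns 0 = match, 1 = mismatch, 2 = digest could not be computed
verify_digest() {
    # Normalise the published value: drop spaces/colons, fold to lowercase.
    expected=$(printf '%s' "$3" | tr -d ' :' | tr 'A-F' 'a-f')
    actual=$(compute_digest "$1" "$2") || return 2
    [ -n "$actual" ] || return 2
    [ "$actual" = "$expected" ] && return 0
    printf '%s: %s digest mismatch\n  expected %s\n  computed %s\n' \
        "$2" "$1" "$expected" "$actual" >&2
    return 1
}

# Constructed sample: a file containing the three bytes "abc", whose SHA-1
# is the standard test vector below.
demo_verify() {
    sample=$(mktemp) || return 2
    printf 'abc' > "$sample"
    verify_digest sha1 "$sample" a9993e364706816aba3e25717850c26c9cd0d89d
    rc=$?
    rm -f "$sample"
    return $rc
}

# Typical use, with the published value supplied by the reader:
#   verify_digest sha1 dacs-1.4.32.tgz "<published SHA-1>" || exit 1
```

A missing file or an unknown algorithm name yields status 2 rather than a match, so a calling script that tests only for success still stops.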
Many other systems and software components, including Apache and OpenSSL, can also compromise system security if not properly installed, configured, and administered; they give similar admonishments. Please take appropriate care.
A DACS administrator ought to have some experience with Apache configuration (including its authentication and access control directives, and building httpd), and basic knowledge of security issues on the installation platform.
You should likewise stay alert to new releases of third-party packages that your install of DACS uses.
Note that if a client connects from an insecure subnet, various man-in-the-middle attacks[25] are possible, even when it appears that SSL/TLS is being used (for example, see sslstrip[26]).
Important
DACS MAY INCLUDE ITS OWN CRYPTOGRAPHIC FUNCTIONS and may therefore fall under certain import, export, and/or use restrictions in other parts of the world, even though DACS is developed, maintained, and officially distributed from Canada.
Export and/or import and/or use of strong cryptography software, providing cryptography hooks, or merely communicating technical details about cryptographic software is illegal in some parts of the world. YOU ARE STRONGLY ADVISED to pay close attention to any laws that may apply when you import, export, or use DACS, or even communicate about it. We are not liable for any violations you make - it is your responsibility. For additional information, see the Crypto Law Survey[31].
Release Information
Information about DACS releases, including the latest release, is provided in the Version Guide[32] and on the Download and Release Information page.
To programmatically determine the latest version of DACS and obtain a direct link for downloading, you may invoke https://dacs.dss.ca/cgi-bin/dacs/latest_dacs, which returns a simple text document composed of name/value pairs.
Roadmap
Stability, backward compatibility, portability across supported platforms, and keeping up to date with respect to third-party support packages are now the primary goals of DACS 1.4 releases. A top priority is to fix all known bugs between releases and improve the documentation.
Please consult the DACS web site for information on upcoming releases.
Upgrading
Security
Because DACS is security software, we strongly recommend that you upgrade to the newest release as soon as you are able.
Upgrading is usually neither a difficult nor a time-consuming procedure. Sometimes an incompatible change in DACS will require you to change a DACS configuration file, but this should not be difficult to do and we will try to advise you of such changes.
The DACS 1.4 releases contain a great many changes and improvements, some incompatible with earlier releases of DACS. If you are upgrading from DACS 1.3.2 or another older release, you will need to become familiar with these changes. You must manually convert your old DACS configuration files to the new format, for example. You should not find upgrading to be a difficult or time-consuming task.
Important
Making backup copies of your DACS installation immediately prior to upgrading is strongly recommended.
Some features available in earlier versions of DACS are not available in this release, but will be provided as soon as possible.
Note that DACS 1.4 may not interoperate with prior releases.
We aim to avoid making any backward incompatible changes within the DACS 1.4.x releases.
Add-on Features
Some features of DACS may be implemented by third parties or as custom extensions. They may be included with the open source DACS distribution (and therefore fall under the open source LICENSE[3]), or are provided separately. The dacsversion[33] command and dacs_version[34] web service indicate whether add-ons are enabled (present) in a particular installation of DACS; look for +addons or addons="enabled" from the former, and ENABLE_ADDONS=1 from the latter.
While add-ons may provide new capabilities, they should not alter the syntax or semantics of capabilities shared with the base DACS distribution.
Administration
Once installed and configured, DACS requires very little administration.
Tip
At higher logging levels, DACS log files can become large quite quickly. You should therefore arrange for them to be rotated regularly (e.g., using newsyslog(8)[35]). A built-in log rotation feature is being considered for DACS.
If you're creating DACS log files that have names based on their date of creation, to expire/rotate/compress them you might periodically run the find(1)[36] command to identify old logs. For example, the command
% find /usr/local/dacs/logs -type f -a -mmin +1440 -a -exec gzip {} \;
will compress any files in the log directory that haven't been modified for at least 24 hours.
There are also Apache modules available to do the rotation:
Related Software
A variety of other software and resources for DACS can be found in the dacs-contrib[37] project at SourceForge[10].
The DACS Java Library (DJL)
The DJL is being developed to support the use of DACS in Java client applications. It implements Java wrapper classes for selected DACS services, and provides an HTTP client through which DACS services may be accessed and DACS credentials obtained and managed.
The FedAdmin Web Application
FedAdmin is an administrator console for managing the configuration of DACS federations and jurisdictions. It is deployed in a servlet container such as Tomcat, but must be accessed via an Apache+DACS proxy and deployed under a dedicated FEDADMIN DACS application jurisdiction.
FedAdmin implements partial coverage of the most common DACS configuration tasks, including viewing federation and jurisdiction configuration directives, adding and deleting local DACS users, and creating, editing, and deleting ACL rules.
Support
An array of technical support is available from DSS[38]. Please see the support page[39] for details. DACS development, maintenance, and free support are made possible in part by customers that purchase technical support packages or contract for customizations (most of which then become available to all free of charge).
Known Problems
There are a few defects in the DACS 1.4 releases that administrators should be aware of. These are not likely to be addressed in the near future.
Bugs, Suggestions, and Feedback
Please see the support page[39] for details.
Some elements of DACS are less well-travelled than others and users may therefore experience problems with them. Please let us know[41] if you encounter bugs.
SEE ALSO
dacs(1)[2], dacs.install(7)[4], dacs.quick(7)[5]
AUTHOR
Distributed Systems Software (www.dss.ca[38])
COPYING
Copyright © 2003-2018 Distributed Systems Software. See the LICENSE[3] file that accompanies the distribution for licensing information.
NOTES
1. README
2. dacs(1)
3. LICENSE
4. dacs.install(7)
5. dacs.quick(7)
6. Apache
7. dacscheck(1)
8. dacshttp(1)
9. sslclient(1)
10. SourceForge
11. FreeBSD
12. CentOS
13. Red Hat Enterprise Linux
14. macOS Sierra
15. FAQ
16. Solaris 10
17. OpenSolaris
18. x86
19. Cygwin
20. Digital Rights Management (DRM) system
21. RFC 2616
22. subscribe to email notifications
23. HTTPS
24. SECURE_MODE
25. man-in-the-middle attacks
26. sslstrip
27. OpenSSL
28. crypt(3)
29. RFC 1305
30. RFC 1035
31. Crypto Law Survey
32. Version Guide
33. dacsversion
34. dacs_version
35. newsyslog(8)
36. find(1)
37. dacs-contrib
38. DSS
39. support page
40. PASSWORD_DIGEST
41. let us know
08/23/2020 | DACS 1.4.40 |