Wallet::ACL::NetDB::Root

(Wallet ACL verifier for NetDB roles (root instances))

SYNOPSIS

    my $verifier = Wallet::ACL::NetDB::Root->new;
    my $status = $verifier->check ($principal, $node);
    if (not defined $status) {
        die "Something failed: ", $verifier->error, "\n";
    } elsif ($status) {
        print "Access granted\n";
    } else {
        print "Access denied\n";
    }

Wallet::ACL::NetDB::Root works identically to Wallet::ACL::NetDB except that it requires the principal to be a root instance (in other words, to be in the form <principal>/root@<realm>) and strips the /root portion from the principal before checking against NetDB roles. As with the base NetDB ACL verifier, the value of a netdb-root ACL is a node, and the ACL grants access to a given principal if and only if the that principal (with /root stripped) has one of the roles user, admin, or team for that node.

To use this object, the same configuration parameters must be set as for Wallet::ACL::NetDB. See Wallet::Config(3) for details on those configuration parameters and information about how to set wallet configuration.

METHODS

check(PRINCIPAL, ACL): Returns true if PRINCIPAL is granted access according to ACL, false if not, and undef on an error (see DIAGNOSTICS below). ACL is a node, and PRINCIPAL will be granted access if it has an instance of root and if (with /root stripped off and the realm stripped off if configured) has the user, admin, or team role for that node.

Wallet::ACL::NetDB::Root

SYNOPSIS

DESCRIPTION

METHODS

DIAGNOSTICS

CAVEATS

SEE ALSO

AUTHOR