Administrative Control Panel ---------------------------- Authentication method: CAS. Authorization: roles. PHP.ini ------- PHP used must have PCNTL support. Below are the PHP options I know must be set (pick your own timezone obviously) in php.ini: short_open_tag = On date.timezone = "Europe/Stockholm"; Apache config ------------- <Directory "/opt/apache/htdocs/kp"> Options ExecCGI AcceptPathInfo On # SetEnv PATH /opt/php-5.3/bin:/bin:/usr/bin # SetEnv KPSECRETS secretkey # SetEnv KPSTASH othersecretkey SetEnv KPHOME /var/lib/kp SetEnv KPSESSIONTIMEOUT 480 SetEnv KPCOOKIETIMEOUT 480 SetEnv KPCASURL "https://cas.url.example/cas" SetEnv KPCASSERVICE "http://kp.example/kp/kp" <Files "kp"> SetHandler cgi-script </Files> <Files ~ "^_(exe|auth|view|tags|log|logout|file|stash)$"> SetHandler cgi-script </Files> </Directory> $KPHOME/log and $KPHOME/tmp must be writable by kp. Authorization ------------- Populate $KPHOME/auth with files corresponding to roles. Each file (rolefile) should contain a newline delimited list of usernames. Users with their username in a rolefile will have access to all jobs with this role in its 'roles' file. Directories ----------- Under KPHOME you should create a number of directories: auth etc [optional] etc/admin -- If you want users to be able to create jobs from the webinterface, this file must contain the roles that will be able to create jobs. exe log run secrets [optional] tmp Anatomy of a job ---------------- Jobs are created in a subdirectory under $KPHOME/exe. One subdir per job. The files in this drectory are: name [optional] Name that may contain spaces etc, for display to user. description Text describing the job. Usage and purpose. roles Names of roles that are allowed to see and execute this job. One per line. Newline delimited. run [optional] tags Tags to allow finding the job via the URL. param1 [optional] Description of the first parameter that the user must supply for job execution. param2 [optional] Description of the second parameter that the user must supply for job execution. param3 [optional] Description of the third parameter that the user must supply for job execution. adminroles [optional] Users with this role are allowed to edit the job-configuration. creator [optional ] Username of the job creator. Is allowed to edit the job. Parameter description --------------------- <text>: text <content> <max input length> <maximum display length> <text>: select <content> <maximum display length> <options> content: [opt:](alpha|alnum|num|path|url) Types: text|select alpha: [A-Za-z]+ alnum: [A-Za-z0-9]+ path: [A-Za-z0-9/_.-]+ url: [A-Za-z0-9/_+.%:-]+ num: [0-9]+ Examples. Select a value: select alnum A B C D Input some text: text alpha If prefixed with "opt:" the value is allowed to be empty. Per job secrets --------------- If you need to have job-specific data that must be hidden from other jobs, you can create a directory $KPHOME/secrets/SECRETKEY. To stop other users from figuring out the secret directory: $ chmod o-r $KPHOME/secrets Note that the directory $KPHOME/secrets must not be owned or writable by the user running kp. Configure the webserver to export the secret key: SetEnv KPSECRETS <SECRETKEY> Also note that this will not be completely secure unless you also use the sandbox functionality. The key for KPSECRETS and KPSTASH must not be the same. Per role secrets --------------- If you need to have role-specific data that must be hidden from other jobs, you can create a directory $KPHOME/secrets/SECRETKEY. To stop other users from figuring out the secret directory: $ chmod o-r $KPHOME/secrets Note that the directory $KPHOME/secrets must not be owned or writable by the user running kp. Configure the webserver to export the secret key: SetEnv KPSTASH <SECRETKEY> Also note that this will not be completely secure unless you also use the sandbox functionality. The key for KPSECRETS and KPSTASH must not be the same. Sandbox ------- To isolate jobs from each other. Only way to keep secrets from other jobs. Needs the sandbox application: http://.... SetEnv KPSANDBOX yes