On Wed, Mar 09, 2005 at 02:06:58PM +0100 or thereabouts, Andreas Unterkircher wrote:
> Hello,
>
> in /opt/edg/etc/edg-mkgridmap.conf I'd like to know what is the difference
> between lines starting with
>
> group ldap:/...
>
> and lines starting with
>
> auth ldap:/...
>
> I read the "LCG-Configuration and Management of the grid-map-file" v2.0
> document but it didn't help me to fully understand the difference. Can
> anybody explain it or point me to some documentation? Thanks.

Hi Andreas,

from the man page:

    auth URI
        The auth directive specifies a group of people which are authorized to
        access to the local resources. If the certificate subject of a member
        of a group is not present in this authorized group, it will not be
        inserted in the grid-mapfile. If auth is omitted, this feature is
        disabled.

If you took an extreme example of its use, we at RAL could define our
own auth policy that all users who want to use RAL must sign.

We then support users who are members of VOs that we like and have
signed the RAL policy.

In the case of LCG, RAL has agreed that we are happy with the LCG guidelines
(a lot of the input came from here anyway) and that we are happy with users
signing them.

You could imagine a site containing hospital record data to have its own
very much stronger auth guidelines.

Steve

>
>
> Andreas
>
> --
> Andreas Unterkircher
> IT Department
> CERN
> CH-1211 Geneva 23
> http://cern.ch/openlab
--
Steve Traylen
http://www.gridpp.ac.uk/
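
The filtering described in the man page excerpt above, as an added example that is not part of the original message or of edg-mkgridmap itself. Assumptions: the LDAP servers are replaced by a constructed in-memory dictionary, the URIs and certificate subjects are made up, each group line carries a local account as its third field, and several auth lines add up to one authorized set.

```python
# Added illustration; the directory contents and URIs below are constructed.
DIRECTORY = {
    "ldap://vo.example.org/ou=atlas": [
        "/C=UK/O=Example/CN=Alice",
        "/C=CH/O=Example/CN=Bob",
    ],
    "ldap://site.example.org/ou=signed-policy": [
        "/C=UK/O=Example/CN=Alice",
        "/C=DE/O=Example/CN=Carol",
    ],
}

CONF_WITH_AUTH = """\
group ldap://vo.example.org/ou=atlas .atlas
auth ldap://site.example.org/ou=signed-policy
"""
CONF_WITHOUT_AUTH = "group ldap://vo.example.org/ou=atlas .atlas\n"


def build_gridmap(conf_text, directory=DIRECTORY):
    """Return grid-mapfile lines for the group/auth directives in conf_text."""
    groups, authorized, auth_present = [], set(), False
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "group":
            groups.append((fields[1], fields[2]))  # (member list URI, local account)
        elif len(fields) >= 2 and fields[0] == "auth":
            auth_present = True
            authorized.update(directory[fields[1]])  # assumption: auth lines add up
    mapping = {}
    for uri, account in groups:
        for subject in directory[uri]:
            # With an auth directive, a group member must also be in the
            # authorized set; without one, the check is disabled.
            if auth_present and subject not in authorized:
                continue
            mapping.setdefault(subject, account)
    return ['"%s" %s' % item for item in sorted(mapping.items())]


if __name__ == "__main__":
    print("\n".join(build_gridmap(CONF_WITH_AUTH)))
    print("--- auth omitted ---")
    print("\n".join(build_gridmap(CONF_WITHOUT_AUTH)))
```

Carol is in the authorized set but in no group, so she is never mapped: auth only narrows what the group lines supply.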