Christian Neissner wrote:
> Hi Maarten:
>
> On Tue, 12 Jun 2007 12:59:12 +0200, Maarten Litmaath <[log in to unmask]> wrote:
>
>>That file is irrelevant when you properly configure the gLite CE.
>>It currently uses /etc/grid-security/grid-mapfile and
>>/etc/grid-security/groupmapfile, nothing else.
>
>
> Can you give me an example of those files in a properly configured gliteCE?
/etc/grid-security/grid-mapfile for DTEAM
(if you use pool accounts for sgm/prd):
--------------------------------------------------
"/dteam/Role=lcgadmin/Capability=NULL" .dteamsgm
"/dteam/Role=lcgadmin" .dteamsgm
"/dteam/Role=production/Capability=NULL" .dteamprd
"/dteam/Role=production" .dteamprd
"/dteam/Role=NULL/Capability=NULL" .dteam
"/dteam" .dteam
--------------------------------------------------
/etc/grid-security/groupmapfile for DTEAM:
--------------------------------------------------
"/dteam/Role=lcgadmin/Capability=NULL" dteam
"/dteam/Role=lcgadmin" dteam
"/dteam/Role=production/Capability=NULL" dteam
"/dteam/Role=production" dteam
"/dteam/Role=NULL/Capability=NULL" dteam
"/dteam" dteam
--------------------------------------------------
YAIM's groups.conf for DTEAM:
--------------------------------------------------
"/VO=dteam/GROUP=/dteam/ROLE=lcgadmin":::sgm:
"/VO=dteam/GROUP=/dteam/ROLE=production":::prd:
"/VO=dteam/GROUP=/dteam"::::
--------------------------------------------------
> And by the way, what do they look like on a WMS? Because we had to install
> both machines "by hand", the generation of those files didn't work very well.
On the WMS /etc/grid-security/grid-mapfile still has the "classic" format.
Although /etc/grid-security/groupmapfile is created, it is not needed.
Ensure, however, that /opt/glite/etc/lcmaps/lcmaps.db looks like this:
--------------------------------------------------------------------------
# LCMAPS configuration file for WMProxy
#
# LCMAPS policy file/plugin definition
#
# default path
path = /opt/glite/lib/modules
# Plugin definitions:
good = "lcmaps_dummy_good.mod"
localaccount = "lcmaps_localaccount.mod"
    "-gridmapfile /etc/grid-security/grid-mapfile"
poolaccount = "lcmaps_poolaccount.mod"
    " -override_inconsistency"
    " -gridmapfile /etc/grid-security/grid-mapfile"
    " -gridmapdir /etc/grid-security/gridmapdir"
vomslocalgroup = "lcmaps_voms_localgroup.mod"
    "-groupmapfile /etc/grid-security/groupmapfile"
    "-mapmin 0"
vomspoolaccount = "lcmaps_voms_poolaccount.mod"
    "-gridmapfile /etc/grid-security/grid-mapfile"
    "-gridmapdir /etc/grid-security/gridmapdir"
    "-do_not_use_secondary_gids"
vomslocalaccount = "lcmaps_voms_localaccount.mod"
    "-gridmapfile /etc/grid-security/grid-mapfile"
    "-use_voms_gid"
# Policies:
standard:
    localaccount -> good | poolaccount
    poolaccount -> good
# DN-local -> DN-pool -> VO-pool
voms:
    localaccount -> good | poolaccount
    poolaccount -> good | vomslocalgroup
    vomslocalgroup -> vomspoolaccount
--------------------------------------------------------------------------
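
Added example, not part of the original message and not gLite or YAIM code: a small Python check for hand-edited copies of the two CE files shown above. It assumes, from the pattern in the DTEAM examples only, that both files should list the same FQANs and that the long and short spelling of an FQAN should map to the same account; the function names and sample strings are constructed for illustration.

```python
import re

# Constructed sample, copied from the DTEAM grid-mapfile in the message above.
GRIDMAP = '''\
"/dteam/Role=lcgadmin/Capability=NULL" .dteamsgm
"/dteam/Role=lcgadmin" .dteamsgm
"/dteam/Role=production/Capability=NULL" .dteamprd
"/dteam/Role=production" .dteamprd
"/dteam/Role=NULL/Capability=NULL" .dteam
"/dteam" .dteam
'''
# Matching groupmapfile: same FQANs, every line mapped to the group "dteam".
GROUPMAP = re.sub(r'\.\w+$', 'dteam', GRIDMAP, flags=re.M)

LINE = re.compile(r'^"([^"]+)"\s+(\S+)$')  # "FQAN" target

def parse(text):
    """Return {fqan: target}; blank lines and # comments are skipped."""
    entries = {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE.match(line)
        if not m:
            raise ValueError(f"line {n}: expected '\"FQAN\" target', got {raw!r}")
        entries[m.group(1)] = m.group(2)
    return entries

def short_form(fqan):
    """Drop trailing /Capability=NULL, then /Role=NULL, as in the short entries."""
    for suffix in ("/Capability=NULL", "/Role=NULL"):
        if fqan.endswith(suffix):
            fqan = fqan[:-len(suffix)]
    return fqan

def audit(gridmap, groupmap):
    """Return a list of findings; an empty list means the files agree."""
    users, groups = parse(gridmap), parse(groupmap)
    findings = [f"{f}: missing from groupmapfile" for f in users if f not in groups]
    findings += [f"{f}: missing from grid-mapfile" for f in groups if f not in users]
    seen = {}
    for fqan, account in users.items():
        first = seen.setdefault(short_form(fqan), account)
        if first != account:  # e.g. a production role landing in the plain pool
            findings.append(f"{fqan}: maps to {account}, other spelling maps to {first}")
    return findings
```

To use it on a real host, pass the contents of /etc/grid-security/grid-mapfile and /etc/grid-security/groupmapfile to audit() and review any findings before restarting services.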