On Wed, 26 Sep 2007, Yves Kemp wrote:
> Hi Maarten,
>
> I just found out that using the file
> http://www.desy.de/~kemp/lcmaps.db.gridftp
>
> repeating the command
> edg-gridftp-ls gsiftp://grid-ce3.desy.de//etc/motd
> twice with the same proxy, the second time, the result is OK.
> (only for the problematic SGM proxies, the others work fine all the
> time)
I do not understand that one yet, but see below.
> The log for the two consecutive commands is here
> http://www.desy.de/~kemp/gridftp-lcas_lcmaps.log
>
> The log for your lcmaps.gridftp config is here:
> http://www.desy.de/~kemp/lcmaps.db.gridftp_maarten
>
> The error message then shows
> error the server sent an error response: 530 530 LCMAPS credential
> mapping NOT successful
Somehow a spelling error crept in: "posixenf" should be "posix_enf"!
Please try the updated attachment.
# where to look for modules
path = /opt/edg/lib/lcmaps/modules
# module definitions
localaccount = "lcmaps_localaccount.mod -gridmapfile /etc/grid-security/grid-mapfile"
poolaccount = "lcmaps_poolaccount.mod "
" -override_inconsistency "
" -gridmapfile /etc/grid-security/grid-mapfile "
" -gridmapdir /etc/grid-security/gridmapdir/"
good = "lcmaps_plugin_example.mod"
posix_enf = "lcmaps_posix_enf.mod"
" -maxuid 1 -maxpgid 1 -maxsgid 32"
vomsextract = "lcmaps_voms.mod"
" -vomsdir /etc/grid-security/vomsdir"
" -certdir /etc/grid-security/certificates"
vomslocalgroup = "lcmaps_voms_localgroup.mod"
" -groupmapfile /opt/edg/etc/lcmaps/groupmapfile"
" -mapmin 1"
vomspoolaccount = "lcmaps_voms_poolaccount.mod"
" -gridmapfile /opt/edg/etc/lcmaps/gridmapfile"
" -gridmapdir /etc/grid-security/gridmapdir"
" -override_inconsistency"
vomslocalaccount = "lcmaps_voms_localaccount.mod"
" -gridmapfile /opt/edg/etc/lcmaps/gridmapfile"
" -use_voms_gid"
# policies to support both GMF and VOMS
voms_acq:
vomsextract -> vomslocalgroup
vomslocalgroup -> vomslocalaccount
vomslocalaccount -> good | vomspoolaccount
standard_acq:
poolaccount -> good | localaccount
localaccount -> good
voms_enf:
vomsextract -> vomslocalgroup
vomslocalgroup -> vomslocalaccount
vomslocalaccount -> posix_enf | vomspoolaccount
vomspoolaccount -> posix_enf
standard_enf:
poolaccount -> posix_enf | localaccount
localaccount -> posix_enf
|