Ciao Alessandro,
> with "old style pool accounts" I mean just a pool account like dteamprd
> or dteamsgm, known as "dynamic" pool account because it could be
> assigned to more people (I am afraid to mismatch the "dynamic" and the
> "static" definitions, so correct me if I am wrong)
You have it reversed! Accounts like dteamprd and dteamsgm are _not_
pool accounts at all: they do not come from a pool of accounts!
Accounts like dteamprd and dteamsgm are called static accounts.
A group of pool accounts whose names start with some base name "foo"
should have purely numeric strings following that base. This was not
enforced by the old EDG versions of LCMAPS, which is why ordinary users
could end up getting mapped to "foosgm" pool accounts as well.
Note: this can happen even when there are still unused "foo" accounts,
since LCMAPS will take the first unused account with matching base name,
as given by the _unordered_ (raw) directory listing. Check with this:
ls -f /etc/grid-security/gridmapdir/
To prevent such problems on the gLite 3.0 lcg-CE, the "sgm" and "prd"
prefixes in the example users.conf were changed:
"foosgm" --> "sgmfoo"
"fooprd" --> "prdfoo"
|