Citando Maarten Litmaath <[log in to unmask]>:
> Ciao Alessandro,
>
>> with "old style pool accounts" I mean just a pool account like
>> dteamprd or dteamsgm, known as "dynamic" pool account because it
>> could be assigned to more people (I am afraid to mismatch the
>> "dynamic" and the "static" definitions, so correct me if I am wrong)
>
> You have it reversed! Accounts like dteamprd and dteamsgm are _not_
> pool accounts at all: they do not come from a pool of accounts!
> Accounts like dteamprd and dteamsgm are called static accounts.
>
> A group of pool accounts whose names start with some base name "foo"
> should have purely numeric strings following that base. This was not
> enforced by the old EDG versions of LCMAPS, which is why ordinary users
> could end up getting mapped to "foosgm" pool accounts as well.
>
> Note: this can happen even when there are still unused "foo" accounts,
> since LCMAPS will take the first unused account with matching base name,
> as given by the _unordered_ (raw) directory listing. Check with this:
>
> ls -f /etc/grid-security/gridmapdir/
>
> To prevent such problems on the gLite 3.0 lcg-CE, the "sgm" and "prd"
> prefixes in the example users.conf were changed:
>
> "foosgm" --> "sgmfoo"
> "fooprd" --> "prdfoo"
thanks Maarten for this comprehensive explanation :-)
cheers,
Alessandro
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
|