Dear all,
As the title says, can anyone please explain how does this work? I'm
confused with the relation between voms role, grid-mapfile and the
gridmapdir.
As an example, I'm "dteamprd" in the grid-mapfile:
[root@serv03 root]# egrep "santanu|Santanu" /etc/grid-security/grid-mapfile
"/C=UK/O=eScience/OU=Cambridge/L=UCS/CN=santanu das" dteamprd
But, I'm atlas148 and dteam062 according to the "gridmapdir" mapping:
[root@serv03 root]# for iz in `ls -il /etc/grid-security/gridmapdir/*santanu* | awk '{print $1}'`; do ls -il /etc/grid-security/gridmapdir | grep ${iz}; done
14385754 -rw-r--r-- 1 root root 0 Feb 1 10:36 %2fc%3duk%2fo%3descience%2fou%3dcambridge%2fl%3ducs%2fcn%3dsantanu%20das
14386591 -rw-r--r-- 2 root root 0 May 9 11:37 %2fc%3duk%2fo%3descience%2fou%3dcambridge%2fl%3ducs%2fcn%3dsantanu%20das%3aatlas
14386591 -rw-r--r-- 2 root root 0 May 9 11:37 atlas148
14386123 -rw-r--r-- 2 root root 0 Jun 18 14:21 %2fc%3duk%2fo%3descience%2fou%3dcambridge%2fl%3ducs%2fcn%3dsantanu%20das%3adteam
14386123 -rw-r--r-- 2 root root 0 Jun 18 14:21 dteam062
When I submit jobs, I always mapped to "atlas148" when I use
"voms-proxy-init -voms atlas" to create the proxy and to dteam062 using
my dteam certificate. So, doesn't it mean that grid-mapfile is
completely ignored when user comes with a voms proxy.
Now, if the proxy is created with the specific role, like this:
voms-proxy-init -voms dteam:/dteam/Role=production
I authorized and ran job as dteamprd but the local mapping in the
gridmapdir still points to dteam062, which seem to make "use of
gridmapdir" completely useless.
Can anyone please explain this to me please? Having another look
afterwards , I found that I'm not alone here; the grid-mapfile and
gridmapdir entries are different for several other people as well.
I've cc'd this to Jens, as I was talking to him regarding this
yesterday, in case he is curious.
Cheers,
Santanu
|