On Tue, 1 Jul 2008, Tomas Kouba wrote:
> in /etc/grid-security/gridmapdir, there are files in following format:
> <DN>:<FIELD1>:<FIELD2>
Each field following a ':' character is the UNIX group name corresponding
to a VOMS FQAN in a proxy whose primary FQAN is mapped to a pool account.
For example, if the proxy contains these FQANs:
/atlas/Role=production/Capability=NULL
/atlas/Role=NULL/Capability=NULL
If the ATLAS production users are mapped to their own pool accounts
(e.g. prdatl01 ... prdatl99), then such a proxy will have a corresponding
file in /etc/grid-security/gridmapdir of the form <DN>:<GROUP1>:<GROUP2>,
where <GROUP1> is the group for ATLAS production users (say "atlasprd")
and <GROUP2> the standard group for ATLAS users (say "atlas").
|