[log in to unmask] wrote:
> On Tue, 1 Jul 2008, Tomas Kouba wrote:
>
>> in /etc/grid-security/gridmapdir, there are files in the following format:
>> <DN>:<FIELD1>:<FIELD2>
>
> Each field following a ':' character is the UNIX group name corresponding
> to a VOMS FQAN in a proxy whose primary FQAN is mapped to a pool account.
> For example, if the proxy contains these FQANs:
>
> /atlas/Role=production/Capability=NULL
> /atlas/Role=NULL/Capability=NULL
>
> If the ATLAS production users are mapped to their own pool accounts
> (e.g. prdatl01 ... prdatl99), then such a proxy will have a corresponding
> file in /etc/grid-security/gridmapdir of the form <DN>:<GROUP1>:<GROUP2>,
> where <GROUP1> is the group for ATLAS production users (say "atlasprd")
> and <GROUP2> the standard group for ATLAS users (say "atlas").

Hi all,
thank you for the explanation, Maarten. My problem is that we have a user
that is mapped two times at our CE and only the groups are swapped:

66843 -rw-r--r-- 2 root root 0 Jun 30 14:48 %2fo%3dgermangrid%2fou%3dlmu%2fcn%3djohn%20kennedy:atlasprd:atlas
66843 -rw-r--r-- 2 root root 0 Jun 30 14:48 atlasprd020
66734 -rw-r--r-- 2 root root 0 Jul 1 13:14 %2fo%3dgermangrid%2fou%3dlmu%2fcn%3djohn%20kennedy:atlas:atlasprd
66734 -rw-r--r-- 2 root root 0 Jul 1 13:14 atlas111

Does it mean that the user has had two proxies, one with

/atlas/Role=production/Capability=NULL
/atlas/Role=NULL/Capability=NULL

and the other with

/atlas/Role=NULL/Capability=NULL
/atlas/Role=production/Capability=NULL

?
How can this be achieved?

--
Tomas Kouba
Institute of Physics, Academy of sciences of the Czech Republic
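
An added example, not part of the original thread: a small audit script that reads an `ls -li` listing of the gridmapdir, decodes the URL-encoded DN, joins each `<DN>:<GROUP1>:<GROUP2>` entry to its pool account by inode, and reports DNs that hold more than one mapping. It assumes, as the listing above shows (same inode number, link count 2), that a DN entry and its pool account are hard links to one file; the function names are hypothetical.

```python
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample: the `ls -li` lines quoted in the message above.
SAMPLE = """\
66843 -rw-r--r-- 2 root root 0 Jun 30 14:48 %2fo%3dgermangrid%2fou%3dlmu%2fcn%3djohn%20kennedy:atlasprd:atlas
66843 -rw-r--r-- 2 root root 0 Jun 30 14:48 atlasprd020
66734 -rw-r--r-- 2 root root 0 Jul 1 13:14 %2fo%3dgermangrid%2fou%3dlmu%2fcn%3djohn%20kennedy:atlas:atlasprd
66734 -rw-r--r-- 2 root root 0 Jul 1 13:14 atlas111
"""

def parse_listing(text):
    """Return {inode: {"account": name or None, "leases": [(dn, [groups])]}}."""
    by_inode = defaultdict(lambda: {"account": None, "leases": []})
    for line in text.splitlines():
        parts = line.split(None, 9)  # inode perms links owner group size mon day time name
        if len(parts) != 10 or not parts[0].isdigit():
            continue  # not an `ls -li` entry line
        inode, name = int(parts[0]), parts[9]
        if name.startswith("%"):
            # DN entry: the leading '/' of the DN is stored as %2f.
            # Split on ':' before decoding so only field separators are split.
            enc_dn, *groups = name.split(":")
            by_inode[inode]["leases"].append((unquote(enc_dn), groups))
        else:
            by_inode[inode]["account"] = name  # pool account file
    return dict(by_inode)

def mappings_per_dn(text):
    """Return {dn: [(pool_account, [groups]), ...]}, joined on inode."""
    result = defaultdict(list)
    for entry in parse_listing(text).values():
        for dn, groups in entry["leases"]:
            result[dn].append((entry["account"], groups))
    return dict(result)

def multiply_mapped(text):
    """DNs that currently hold more than one pool-account mapping."""
    return {dn: m for dn, m in mappings_per_dn(text).items() if len(m) > 1}

if __name__ == "__main__":
    for dn, maps in multiply_mapped(SAMPLE).items():
        print(dn)
        for account, groups in maps:
            print(f"  {account}  groups={':'.join(groups)}")
```

An entry whose `account` is `None` in `parse_listing` has no pool account file sharing its inode in the listing and is worth checking by hand.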