Hi Maarten, Stephen and Christoph...
First of all, thanks to all the replies.
Looking to Christoph link, we understood that the reservation of
resources for local users is not a request of the CMS exercise (our CMS
staff gave us the opposite idea), and therefore, we are pushing for the
introduction of a PT voms groups. We looked in CMS VOMSRS, and seen that
there are several groups like /cms/becms, /cms/dcms, /cms/escms,
/cms/frcms, /cms/itcms, /cms/twcms and /cms/uscms. Therefore, I do not
forsee major problems in the request for the creation of a new
/cms/ptcms group.
Regarding the solution propose by Marteen, there is also other hack to
do it... While searching, I've seen the following link (just for your
knowledge);
http://scotgrid.blogspot.com/2008/02/to-voms-or-not-to-voms-that-is-question.html
Thanks Again
Goncalo and Mario
On 09/30/2009 09:05 PM, Maarten Litmaath wrote:
>>> 1. In /opt/glite/etc/lcmaps/lcmaps.db change the order of the "withvoms"
>>> and "standard" sections. Beware the file is written by YAIM.
>>>
>>> 2. Put your local users in /opt/edg/etc/grid-mapfile-local with their
>>> desired mappings. Note 1: each user will have exactly 1 mapping,
>>> that is the limitation of the classic grid-mapfile.
>>> Note 2: a pool account mapping will be overridden by a mapping to
>>> a static account, if any. For example, if grid-mapfile-local maps
>>> a DN to ".lipcms" and edg-mkgridmap.conf maps that DN to "cmssgm",
>>> the latter mapping wins!
>>> To avoid that: in /opt/edg/etc/edg-mkgridmap.conf comment out the
>>> lines for CMS. Beware the file is written by YAIM.
>>>
>> In fact, you will need to comment out _all_ lines in edg-mkgridmap.conf!
>>
> Except the one with /opt/edg/etc/grid-mapfile-local, of course... :-)
>
>
>> Otherwise the DN mapping will also take precedence for other users,
>> while normally the mapping should be according to VOMS attributes.
>>
>>
>>> 3. Run the commands in /etc/cron.d/edg-mkgridmap and
>>> /etc/cron.d/lcg-ce-mkgridmap manually and check the resulting
>>> contents of /etc/grid-security/grid-mapfile.
>>>
>
|