Hi all,
Gonçalo Borges wrote:
> Hi Maarten, Stephen and Christoph...
>...
> Regarding the solution proposed by Maarten, there is also another hack to
> do it... While searching, I've seen the following link (just for your
> knowledge);
>
> http://scotgrid.blogspot.com/2008/02/to-voms-or-not-to-voms-that-is-question.html
Since this post (and the solution that Scotgrid and Oscar Koeroo from
the LCMAPS team came up with), there is more documentation on 'interesting'
scenarios created, as well as documentation on other LCMAPS plugins (e.g.
to limit the maximum proxy life time allowed :-)
If you lack information in the documentation pages at
https://www.nikhef.nl/grid/gridwiki/index.php/LCMAPS
and
https://www.nikhef.nl/grid/lcaslcmaps/
please let us know any time.
Cheers,
DavidG.
> On 09/30/2009 09:05 PM, Maarten Litmaath wrote:
>>>> 1. In /opt/glite/etc/lcmaps/lcmaps.db change the order of the
>>>> "withvoms"
>>>> and "standard" sections. Beware the file is written by YAIM.
>>>>
>>>> 2. Put your local users in /opt/edg/etc/grid-mapfile-local with their
>>>> desired mappings. Note 1: each user will have exactly 1 mapping,
>>>> that is the limitation of the classic grid-mapfile.
>>>> Note 2: a pool account mapping will be overridden by a mapping to
>>>> a static account, if any. For example, if grid-mapfile-local maps
>>>> a DN to ".lipcms" and edg-mkgridmap.conf maps that DN to "cmssgm",
>>>> the latter mapping wins!
>>>> To avoid that: in /opt/edg/etc/edg-mkgridmap.conf comment out the
>>>> lines for CMS. Beware the file is written by YAIM.
>>>>
>>> In fact, you will need to comment out _all_ lines in edg-mkgridmap.conf!
>>>
>> Except the one with /opt/edg/etc/grid-mapfile-local, of course... :-)
>>
>>
>>> Otherwise the DN mapping will also take precedence for other users,
>>> while normally the mapping should be according to VOMS attributes.
>>>
>>>
>>>> 3. Run the commands in /etc/cron.d/edg-mkgridmap and
>>>> /etc/cron.d/lcg-ce-mkgridmap manually and check the resulting
>>>> contents of /etc/grid-security/grid-mapfile.
>>>>
>>
>
--
David Groep
** Nikhef, Dutch National Institute for Sub-atomic Physics,PDP/Grid group **
** Room: H1.50 Phone: +31 20 5922179, PObox 41882, NL-1009DB Amsterdam NL **
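
An added example, not part of the original thread or of the LCMAPS/YAIM tooling: a Python check for step 3 of the quoted procedure, comparing each DN in grid-mapfile-local with the generated grid-mapfile and flagging the pool-versus-static override described in Note 2. It assumes the usual `"DN" account` line format with a leading `.` marking a pool account; the DNs and file contents below are constructed samples.

```python
import re

# One grid-mapfile entry: a double-quoted DN followed by an account name.
ENTRY = re.compile(r'^\s*"([^"]+)"\s+(\S+)\s*$')

def parse_gridmap(text):
    """Return {DN: [account, ...]} in file order; blank and '#' lines are skipped."""
    entries = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = ENTRY.match(line)
        if m:
            entries.setdefault(m.group(1), []).append(m.group(2))
    return entries

def check_local_mappings(local_text, generated_text):
    """List (dn, wanted, actual, reason) for local DNs whose generated mapping differs."""
    generated = parse_gridmap(generated_text)
    problems = []
    for dn, wanted in parse_gridmap(local_text).items():
        want, got = wanted[0], generated.get(dn)
        if got is None:
            problems.append((dn, want, None, "missing"))
        elif got != [want]:
            # Wanted a pool account (leading '.') but a static account is present.
            static = want.startswith(".") and any(not a.startswith(".") for a in got)
            reason = "overridden-by-static" if static else "mismatch"
            problems.append((dn, want, ",".join(got), reason))
    return problems

# Constructed sample contents (hypothetical DNs), standing in for
# /opt/edg/etc/grid-mapfile-local and /etc/grid-security/grid-mapfile.
LOCAL = '''
"/C=PT/O=ExampleGrid/CN=Alice Example" .lipcms
"/C=PT/O=ExampleGrid/CN=Bob Example" .lipcms
"/C=PT/O=ExampleGrid/CN=Carol Example" localuser
'''
GENERATED = '''
# generated file (constructed sample)
"/C=PT/O=ExampleGrid/CN=Alice Example" cmssgm
"/C=PT/O=ExampleGrid/CN=Bob Example" .lipcms
'''

if __name__ == "__main__":
    for dn, want, got, why in check_local_mappings(LOCAL, GENERATED):
        print(f"{why}: {dn} wanted={want} actual={got}")
```

To run it against a real host, read the two files named in the procedure into strings and pass them to `check_local_mappings`.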