Hi Chris,
just a small addition, because this might not be clear. The gridmapdir
is (primarily) meant to keep track of mappings that have been made, such
that there are no double mapping etc. The mapping itself is determined
via different mechanisms, e.g. a local gridmapfile, or a SCAS or Argus
server. This takes into account the gridmapdir to make sure accounts are
not double-used. So if you remove a gridmapdir entry, you will probably
get the same entry back, unless it is taken up by another user in the
meantime.
Hope this clarifies it a bit...
Mischa
On Thu, Jul 22, 2010 at 02:11:44PM +0200, Maarten Litmaath wrote:
> Hi Chris,
>
>> On our lcg-CE, I find my DN is mapped to a particular pool account. I
>> want to release this pool account, so that I can be mapped to a different
>> account.
>>
>> I had assumed that deleting the link file containing my DN from
>> /etc/grid-security/gridmapdir would be enough to make this happen. When I
>> submit another job though, I find myself mapped to exactly the same pool
>> account.
>
> Because it happened to be the first free account in the (raw) directory?
> Check:
>
> ls -f /etc/grid-security/gridmapdir | less
>
>> Is this the expected behaviour, or should I have expected to have been
>> mapped to a different account? Is deleting this link enough to free up
>> the pool account?
>
> If you want to avoid the account from being used, either delete the file
> from the gridmapdir (and remove the corresponding DN link) or link it to
> some other file that does not cause problems:
>
> cd /etc/grid-security/gridmapdir
> ln dteam012 locked-dteam012
>
> When the link count is larger than 1, the account is deemed occupied.
--
Nikhef Room H155
Science Park 105 Tel. +31-20-592 5102
1098 XG Amsterdam Fax +31-20-592 5155
The Netherlands Email [log in to unmask]
__ .. ... _._. .... ._ ... ._ ._.. ._.. .._..
|