> did you cleared the cache of the PEPd and reloaded the policy into the PDP?
>
> /etc/init.d/argus-pdp reloadpolicy
> /etc/init.d/argus-pepd clearcache
>
> if not, and if you checked right after adding the obligation, you might got a cached response. I think the standard time for the PEPd to refresh the cache is ~10min.
Indeed I hadn't:
[root@mercury argus]# pepcli -p https://mercury.hep.kbfi.ee:8154/authz -c ~/x509up_u101 -r myCE -a myA -t 60 -x --capath /etc/grid-security/certificates/ --cert /etc/grid-security/hostcert.pem --key /etc/grid-security/hostkey.pem
Resource: myCE
Decision: Permit
Obligation: http://glite.org/xacml/obligation/local-environment-map/posix (caller should resolve POSIX account mapping)
Username: cms092
Group: cms
Secondary Groups: cms
Woot :P Now off to CREAM land to see how that fares and first looks are positive. Will come back crying if things don't turn out well. Thanks for all the great help.
Mario Kadastik, PhD
Researcher
---
"Physics is like sex, sure it may have practical reasons, but that's not why we do it"
-- Richard P. Feynman
|