We also have a cronjob which clears entries in
/etc/grid-security/gridmapdir, which is older
than 10 days.
About, the lcg-tags issue, I have now noticed in the logs
that the user's primary FQAN that they are coming in is
still as a normal role (/biomed), even though, their proxy
certificate indicates the following attributes
attribute : /biomed/Role=lcgadmin/Capability=NULL
I will get them to check again on their end and run some
more tests.
krishan
On 21/10/15 09:36, Winnie Lacesso wrote:
> On 10/20/2015 Stephen Jones wrote
>
>> Once a mapping has been made, it is stored in
>> /etc/grid-security/gridmapdir (different entirely to grid-mapfile etc.)
>> Once it is stored it is fixed. It is never removed by any normal
>> process.
>
> Are you sure? All our LCG nodes including ARGUS have cronjob
> /etc/cron.d/lcg-expiregridmapdir (not owned by any package)
> & the impression is its job is as (so to speak) written on the tin: to
> expire /etc/grid-security/gridmapdir entries, either by age or usage or
> something (have never looked at the code).
>
> Of course I could be wrong about that.
>
> It creates logfile /var/log/lcg-expiregridmapdir.log
> (NB: Never rotated! Tsk!)
> The entries aren't very informative, alas.
>
|