Hi John,
I believe that we do effectively by turning off account recycling. So
although we have a pool of accounts because the accounts are never
recycled once they are allocated they remain associated with the same
person (I guess until we rebuild/upgrade the CE I guess). Isn't this
the case for most sites, for all the hideous security reasons that have
outlined on list many times before?
Yes, I realise that this is a different issue to the sgm accounts but it
is not totally unrelated.
All the best,
david
Gordon, JC (John) wrote:
> So Dave, does Imperial have static accounts defined for every member of every VO you support? That must be a b****r to maintain.
>
> John
>
> -----Original Message-----
> From: "David Colling" <[log in to unmask]>
> To: "[log in to unmask]" <[log in to unmask]>
> Sent: 22/02/08 12:09
> Subject: Re: sgm/prd pool accounts
>
> I must admit that i would be very nervous of using pool accounts for sgm
> accounts (or anyother account come to that)
>
> Gordon, JC (John) wrote:
>> Duncan, are you confident that if multiple people use an sgm account at
>> your site at the same time that you can satisfy the auditing
>> requirements to know who did what?
>>
>> John
>>
>>> -----Original Message-----
>>> From: Testbed Support for GridPP member institutes
>>> [mailto:[log in to unmask]] On Behalf Of Duncan Rand
>>> Sent: 21 February 2008 16:12
>>> To: [log in to unmask]
>>> Subject: sgm/prd pool accounts
>>>
>>> Hi
>>>
>>> At RHUL and QMUL we are installing new clusters and I am
>>> coming across the thorny issue of sgm and prd pool accounts.
>>> I see that the yaim instructions now state that "Note: static
>>> accounts are not recommended".
>>> When I did a quick poll of VO's they said yes we can deal
>>> with pool sgm accounts but we prefer static sgm accounts. So
>>> at RHUL I am planning to use pool prd accounts and static sgm
>>> accounts. Has anybody got any comments?
>>>
>>> many thanks
>>> Duncan
>>>
|