EGRID website

Voms local account

One to One mapping with voms proxy

Scenario:

Two VO users have to share the same local account

VO user

/C=IT/O=INFN/OU=Personal Certificate/L=ICTP/CN=Pippo
/C=IT/O=INFN/OU=Personal Certificate/L=ICTP/CN=Paperino

Local Account

user grid

Modified the file /opt/edg/etc/lcmaps/lcmaps.db

# LCMAPS policyfile generated by YAIM - DO NOT EDIT
#
# where to look for modules
path = /opt/edg/lib/lcmaps/modules

# module definitions

posixenf = "lcmaps_posix_enf.mod -maxuid 1 -maxpgid 1 -maxsgid 32 "
localaccount = "lcmaps_localaccount.mod -gridmapfile /etc/grid-security/grid-mapfile"
poolaccount = "lcmaps_poolaccount.mod -gridmapfile /etc/grid-security/grid-mapfile -gridmapdir /etc/grid-security/gridmapdir/ -override_inconsistency"

vomsextract = "lcmaps_voms.mod -vomsdir /etc/grid-security/vomsdir/ -certdir /etc/grid-security/certificates/"
vomslocalgroup = "lcmaps_voms_localgroup.mod -groupmapfile /opt/edg/etc/lcmaps/groupmapfile -mapmin 0"
vomspoolaccount = "lcmaps_voms_poolaccount.mod -gridmapfile /opt/edg/etc/lcmaps/gridmapfile -gridmapdir /etc/grid-security/gridmapdir -override_inconsistency"
#vomslocalaccount = "lcmaps_voms_localaccount.mod -gridmapfile /opt/edg/etc/lcmaps/gridmapfile -use_voms_gid"
vomslocalaccount = "lcmaps_voms_localaccount.mod -gridmapfile /opt/edg/etc/lcmaps/gridmapfile.local -use_voms_gid"

standard:
localaccount -> posixenf | poolaccount
poolaccount -> posixenf

# policies
voms:
# vomslocalaccount -> localaccount
# vomsextract -> vomslocalgroup
vomslocalgroup -> vomspoolaccount
vomspoolaccount -> posixenf | vomslocalaccount

The file suggests that the standard policy applies to proxies without VOMS extensions and the voms policy applies to proxies with VOMS extensions.

The first rule that matches is applied, as in iptables.

To force the one-to-one mapping with VOMS extensions, added in the voms section, as the FIRST line:

vomslocalaccount -> localaccount

and the DNs were added to /etc/grid-security/grid-mapfile:

"/C=IT/O=INFN/OU=Personal Certificate/L=ICTP/CN=Pippo" grid
"/C=IT/O=INFN/OU=Personal Certificate/L=ICTP/CN=Paperino" grid

TODO: mapping for gridftp (/opt/edg/etc/lcmaps/lcmaps.db.gridftp)
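
The grid-mapfile entries above are where the shared mapping becomes visible. As an added example (not part of the original page), the following Python script parses text in that format and lists every static local account that more than one DN maps to, which is where local file and process ownership stops identifying the individual user. It assumes quoted DNs and one account per line, as on this page; the third sample entry and its pool name .egrid are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in grid-mapfile format: a quoted DN followed by a local
# account name. The first two DNs are the ones from this page; the third entry
# is a made-up pool-account mapping (leading dot) for contrast.
SAMPLE = '''
# comment lines and blank lines are ignored
"/C=IT/O=INFN/OU=Personal Certificate/L=ICTP/CN=Pippo" grid
"/C=IT/O=INFN/OU=Personal Certificate/L=ICTP/CN=Paperino" grid
"/C=IT/O=INFN/OU=Personal Certificate/L=ICTP/CN=Example User" .egrid
'''

# Assumption: the DN is always double-quoted and followed by one account name.
ENTRY = re.compile(r'^"(?P<dn>[^"]+)"\s+(?P<account>\S+)\s*$')


def parse_gridmap(text):
    """Return (entries, errors): entries is a list of (dn, account) tuples,
    errors a list of (line_number, line) for lines that do not parse."""
    entries, errors = [], []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = ENTRY.match(line)
        if match:
            entries.append((match.group("dn"), match.group("account")))
        else:
            errors.append((number, line))
    return entries, errors


def shared_accounts(entries):
    """Map each static local account to its DNs when more than one DN uses it.
    Pool entries (account starting with '.') are skipped."""
    by_account = defaultdict(list)
    for dn, account in entries:
        if not account.startswith("."):
            by_account[account].append(dn)
    return {acct: dns for acct, dns in by_account.items() if len(dns) > 1}


if __name__ == "__main__":
    entries, errors = parse_gridmap(SAMPLE)
    for account, dns in shared_accounts(entries).items():
        print(f"account {account!r} is shared by {len(dns)} DNs:")
        for dn in dns:
            print(f"  {dn}")
    for number, line in errors:
        print(f"line {number}: cannot parse: {line}")
```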

Created by aterpin
Last modified 2007-11-14 02:54
 
