Difference between revisions of "ARC CE Hints"
From GridPP Wiki
(Created page with "== Mapping to pool accounts ==") |
(→Mapping to pool accounts) |
||
| Line 1: | Line 1: | ||
== Mapping to pool accounts == | == Mapping to pool accounts == | ||
| + | Argus in combination with lcmaps can be used to map DNs to pool accounts. In the ''[gridftpd]'' section of /etc/arc.conf include the following: | ||
| + | unixmap="* lcmaps liblcmaps.so /usr/lib64 /etc/lcmaps/lcmaps.db voms" | ||
| + | unixmap="nobody:nobody all" | ||
| + | where /etc/lcmaps/lcmaps.db is | ||
| + | path = /usr/lib64/lcmaps<br/> | ||
| + | verify_proxy = "lcmaps_verify_proxy.mod" | ||
| + | "-certdir /etc/grid-security/certificates" | ||
| + | "--discard_private_key_absence" | ||
| + | "--allow-limited-proxy"<br/> | ||
| + | pepc = "lcmaps_c_pep.mod" | ||
| + | "--pep-daemon-endpoint-url https://lcgargus02.gridpp.rl.ac.uk:8154/authz" | ||
| + | "--resourceid http://authz-interop.org/xacml/resource/resource-type/arc" | ||
| + | "--actionid http://glite.org/xacml/action/execute" | ||
| + | "--capath /etc/grid-security/certificates/" | ||
| + | "--certificate /etc/grid-security/hostcert.pem" | ||
| + | "--key /etc/grid-security/hostkey.pem"<br/> | ||
| + | # Policies: | ||
| + | arc: | ||
| + | verify_proxy -> pepc | ||
Revision as of 18:55, 17 June 2014
Mapping to pool accounts
Argus in combination with lcmaps can be used to map DNs to pool accounts. In the [gridftpd] section of /etc/arc.conf include the following:
unixmap="* lcmaps liblcmaps.so /usr/lib64 /etc/lcmaps/lcmaps.db voms" unixmap="nobody:nobody all"
where /etc/lcmaps/lcmaps.db is
path = /usr/lib64/lcmaps
verify_proxy = "lcmaps_verify_proxy.mod" "-certdir /etc/grid-security/certificates" "--discard_private_key_absence" "--allow-limited-proxy"
pepc = "lcmaps_c_pep.mod" "--pep-daemon-endpoint-url https://lcgargus02.gridpp.rl.ac.uk:8154/authz" "--resourceid http://authz-interop.org/xacml/resource/resource-type/arc" "--actionid http://glite.org/xacml/action/execute" "--capath /etc/grid-security/certificates/" "--certificate /etc/grid-security/hostcert.pem" "--key /etc/grid-security/hostkey.pem"
# Policies: arc: verify_proxy -> pepc
