Difference between revisions of "How to ban users with quattor"
From PDP/Grid Wiki
Jump to navigationJump to searchLine 1: | Line 1: | ||
− | Unfortunately, there is no universal method to ban grid users from using gLite services. Below is the summary | + | Unfortunately, there is no universal method to ban grid users from using gLite services. Below is the summary of services and the method of banning. Note that both the implementation and the documentation need to be improved! |
* lcg-CE, classic-SE: the banned user DNs need to be stored in /opt/edg/etc/lcas/ban_users.db and /opt/glite/etc/lcas/ban_users.db. The template $L/cfg/sites/ndpf/site/banned_users.tpl takes care of this. | * lcg-CE, classic-SE: the banned user DNs need to be stored in /opt/edg/etc/lcas/ban_users.db and /opt/glite/etc/lcas/ban_users.db. The template $L/cfg/sites/ndpf/site/banned_users.tpl takes care of this. | ||
− | * WMS: | + | * WMS: the banned used DNs have to be present in the file /opt/glite/etc/glite_wms_wmproxy.gacl. The quattor template $L/cfg/sites/ndpf/site/users_gacl_wms.tpl takes care of this. |
* DPM: the banned user DNs need to be mapped to a non-existing Unix account in /opt/lcg/etc/lcgdm-mapfile-local. This cannot yet be accomplished via our quattor setup. | * DPM: the banned user DNs need to be mapped to a non-existing Unix account in /opt/lcg/etc/lcgdm-mapfile-local. This cannot yet be accomplished via our quattor setup. | ||
* MyProxy (PX): To be completed | * MyProxy (PX): To be completed |
Revision as of 15:34, 8 May 2009
Unfortunately, there is no universal method to ban grid users from using gLite services. Below is the summary of services and the method of banning. Note that both the implementation and the documentation need to be improved!
- lcg-CE, classic-SE: the banned user DNs need to be stored in /opt/edg/etc/lcas/ban_users.db and /opt/glite/etc/lcas/ban_users.db. The template $L/cfg/sites/ndpf/site/banned_users.tpl takes care of this.
- WMS: the banned used DNs have to be present in the file /opt/glite/etc/glite_wms_wmproxy.gacl. The quattor template $L/cfg/sites/ndpf/site/users_gacl_wms.tpl takes care of this.
- DPM: the banned user DNs need to be mapped to a non-existing Unix account in /opt/lcg/etc/lcgdm-mapfile-local. This cannot yet be accomplished via our quattor setup.
- MyProxy (PX): To be completed