Difference between revisions of "User:Dennisvd@nikhef.nl/lijmwijzer"

From PDP/Grid Wiki
Jump to navigationJump to search
Line 9: Line 9:
  
 
There are several options for centrally managing grid security policies, but the ARGUS authorization service is the framework of choice now and in the future. There are some special cases which require an alternative approach as detailed below.
 
There are several options for centrally managing grid security policies, but the ARGUS authorization service is the framework of choice now and in the future. There are some special cases which require an alternative approach as detailed below.
 +
 +
== Special Cases ==
 +
 +
The following items should be considered before a final choice can be made.
 +
 +
=== LDAP enforcement ===
 +
 +
The LCMAPS plugin for LDAP enforcement is used for sites that have dynamic mappings to users and groups, which requires a modification of the LDAP database every time a (new) mapping is done. Applies to: WN, CE.
 +
 +
On the WN:
 +
get_account_on_wn:
 +
verify_proxy -> scas_client
 +
scas_client -> ldap_enf
 +
ldap_enf -> posix_enf
 +
 +
On the CE:
 +
get_account_on_ce:
 +
scas_client -> ldap_enf
 +
ldap_enf -> posix_enf
 +
 +
On SCAS:
 +
get_account_on_scas:
 +
voms_pool_group -> voms_local_group
 +
voms_local_group -> voms_pool_account
 +
 +
 +
=== AFS integration ===
 +
 +
=== Third party plugins ===
 +
 +
=== Central account mapping ===
 +
 +
== Service types ==
 +
 +
=== Worker Node ===
 +
 +
=== Compute Element ===
 +
 +
=== Storage Element ===
 +
 +
=== Workload Management System ===

Revision as of 12:54, 19 April 2010

De LCMAPS lijmwijzer. Nederlandse tekst is concepttekst.


The universal guide to setting up Grid security middleware at your site

This guide will help you choose and configure security middleware components to suite the local setup at your site. Warning: this advice given by this guide won't replace applying good security practices for grid sites.

The following guide applies to sites that are part of the EGEE grid infrastructure.

There are several options for centrally managing grid security policies, but the ARGUS authorization service is the framework of choice now and in the future. There are some special cases which require an alternative approach as detailed below.

Special Cases

The following items should be considered before a final choice can be made.

LDAP enforcement

The LCMAPS plugin for LDAP enforcement is used for sites that have dynamic mappings to users and groups, which requires a modification of the LDAP database every time a (new) mapping is done. Applies to: WN, CE.

On the WN:

get_account_on_wn:
verify_proxy -> scas_client
scas_client -> ldap_enf
ldap_enf -> posix_enf

On the CE:

get_account_on_ce:
scas_client -> ldap_enf
ldap_enf -> posix_enf

On SCAS:

get_account_on_scas:
voms_pool_group -> voms_local_group
voms_local_group -> voms_pool_account

AFS integration

Third party plugins

Central account mapping

Service types

Worker Node

Compute Element

Storage Element

Workload Management System