[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] GSI authentication succeeds but authorization fails

> > 
> > Why am I not authorized?
> the log shows you are being mapped to skoranda@xxxxxxxxxxxxxxxxxxxxxxx while
> the allow list has:
>   ALLOW_READ = skoranda@xxxxxxxxxxxx/ldg-portal.phys.uwm.edu
> basically, your authz rule is missing the 'ldg-portal' on the left hand side
> of the slash.
> i think you meant to write:
>   ALLOW_READ = skoranda@xxxxxxxxxxxxxxxxxxxxxxx/ldg-portal.phys.uwm.edu

I don't understand.

The manual indicates that the form is

"Each macro is defined by a comma-separated list of fully
qualified users. Each fully qualified user is described using
the following format:


The information to the left of the slash character describes a
user within a domain. The information to the right of the
slash character describes one or more machines from which the
user would be issuing a command. This host name may take the
form of either a fully qualified host name of the form


or an IP address of the form

An example is


How does skoranda@xxxxxxxxxxxx/ldg-portal.phys.uwm.edu differ
from zmiller@xxxxxxxxxxx/bird.cs.wisc.edu ?


> cheers,
> -zach
> _______________________________________________
> Condor-users mailing list
> To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
> subject: Unsubscribe
> You can also unsubscribe by visiting
> https://lists.cs.wisc.edu/mailman/listinfo/condor-users
> The archives can be found at: 
> https://lists.cs.wisc.edu/archive/condor-users/