[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] ALLOW_ macros for user authorization

On Tue, Sep 25, 2007 at 03:52:11PM -0500, Scott Koranda wrote:
> Hi,
> Last question for today (I hope)...
> I now have on my test box
> ALLOW_READ = skoranda@xxxxxxxxxxxx/ldg-portal.phys.uwm.edu,condor@xxxxxxxxxxxx/ldg-portal.phys.uwm.edu
> Suppose I want to add 100 new users? How far can I scale the
> ALLOW_READ line?
> Can I break the entries over multiple lines?

you can.  use a backslash for line continuation.

or, you can use a wildcard like so:
  ALLOW_READ = *@phys.uwm.edu/ldg-portal.phys.uwm.edu

obviously, this won't be as restrictive as whitelisting all 100 names.
but each user will still have to have 1) a valid GSI credential, and 2) an
entry in the grid map file.  so perhaps you could use the grid map file as
your whitelist and just use a * in the ALLOW_READ entry.  (unless your grid
map file contains other users @phys.uwm.edu that you do not want to allow)