Re: [Condor-users] ALLOW_ macros for user authorization



On Tue, Sep 25, 2007 at 03:52:11PM -0500, Scott Koranda wrote:
> Hi,
> 
> Last question for today (I hope)...
> 
> I now have on my test box
> 
> ALLOW_READ = skoranda@xxxxxxxxxxxx/ldg-portal.phys.uwm.edu,condor@xxxxxxxxxxxx/ldg-portal.phys.uwm.edu
> 
> Suppose I want to add 100 new users? How far can I scale the
> ALLOW_READ line?
> 
> Can I break the entries over multiple lines?

you can.  use a backslash for line continuation.

or, you can use a wildcard like so:
  ALLOW_READ = *@phys.uwm.edu/ldg-portal.phys.uwm.edu

obviously, this won't be as restrictive as whitelisting all 100 names.
but each user will still have to have 1) a valid GSI credential, and 2) an
entry in the grid map file.  so perhaps you could use the grid map file as
your whitelist and just use a * in the ALLOW_READ entry.  (unless your grid
map file contains other users @phys.uwm.edu that you do not want to allow)


cheers,
-zach
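
The caveat at the end of the reply, as an added example that is not part of the original message: before relying on a wildcard ALLOW_READ entry, list which grid map file entries it would admit beyond the intended users. The grid map contents, the `INTENDED` set, the function names, and the assumption that mapped names have the `user@domain` form are all constructed for illustration, and only the user part of the ALLOW entry (before the `/`) is checked.

```python
import re
import shlex

# Constructed sample grid map file: a quoted certificate DN, then the mapped name.
# Assumption: mapped names use the user@domain form matched by ALLOW_READ.
SAMPLE_GRIDMAP = '''\
"/DC=org/DC=example/OU=People/CN=Alice Example 1001" alice@phys.uwm.edu
"/DC=org/DC=example/OU=People/CN=Bob Example 1002" bob@phys.uwm.edu
# entry added for another service on the same host
"/DC=org/DC=example/OU=People/CN=Carol Example 1003" carol@phys.uwm.edu
"/DC=org/DC=example/OU=People/CN=Dave Example 1004" dave@other.example
'''

ALLOW_READ = "*@phys.uwm.edu/ldg-portal.phys.uwm.edu"  # wildcard entry from the reply
INTENDED = {"alice@phys.uwm.edu", "bob@phys.uwm.edu"}  # users who should get READ


def parse_gridmap(text):
    """Return {mapped_name: DN}, skipping blank lines and comments."""
    mapping = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)  # keeps the quoted DN, spaces included, as one field
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected a quoted DN and a mapped name")
        dn, name = parts
        mapping[name] = dn
    return mapping


def user_pattern(allow_entry):
    """Compile the user part of one ALLOW_ entry; only '*' acts as a wildcard."""
    user_part = allow_entry.split("/", 1)[0]
    return re.compile(".*".join(re.escape(p) for p in user_part.split("*")))


def audit(gridmap_text, allow_entry, intended):
    """Return (unexpected, missing): mapped users the entry admits that are not
    intended, and intended users that have no matching grid map entry."""
    pattern = user_pattern(allow_entry)
    admitted = {n for n in parse_gridmap(gridmap_text) if pattern.fullmatch(n)}
    return sorted(admitted - intended), sorted(intended - admitted)


if __name__ == "__main__":
    unexpected, missing = audit(SAMPLE_GRIDMAP, ALLOW_READ, INTENDED)
    print("admitted but not intended:", unexpected)
    print("intended but not mapped:", missing)
```

An empty first list means the grid map file can serve as the whitelist for that wildcard; any name in it is a mapped user who would gain READ access without being on the intended list.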