[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Condor-users] ALLOW_ macros for user authorization
- Date: Tue, 25 Sep 2007 16:03:24 -0500
- From: Zachary Miller <zmiller@xxxxxxxxxxx>
- Subject: Re: [Condor-users] ALLOW_ macros for user authorization
On Tue, Sep 25, 2007 at 03:52:11PM -0500, Scott Koranda wrote:
> Last question for today (I hope)...
> I now have on my test box
> ALLOW_READ = skoranda@xxxxxxxxxxxx/ldg-portal.phys.uwm.edu,condor@xxxxxxxxxxxx/ldg-portal.phys.uwm.edu
> Suppose I want to add 100 new users? How far can I scale the
> ALLOW_READ line?
> Can I break the entries over multiple lines?
you can. use a backslash for line continuation.
or, you can use a wildcard like so:
ALLOW_READ = *@phys.uwm.edu/ldg-portal.phys.uwm.edu
obviously, this won't be as restrictive as whitelisting all 100 names.
but each user will still have to have 1) a valid GSI credential, and 2) an
entry in the grid map file. so perhaps you could use the grid map file as
your whitelist and just use a * in the ALLOW_READ entry. (unless your grid
map file contains other users @phys.uwm.edu that you do not want to allow)