Mailing List Archives Public Access	UW Madison Computer Sciences Department Computer Systems Lab

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] SSL Certificate -> User Mapping Issue

Date: Mon, 29 Dec 2014 10:54:27 -0600
From: Zachary Miller <zmiller@xxxxxxxxxxx>
Subject: Re: [HTCondor-users] SSL Certificate -> User Mapping Issue

On Tue, Dec 23, 2014 at 04:00:59PM +1100, Peter Brady wrote:
> OK, so after sending this I went for a walk around the block to think
> this through.  I've been able to fix this via a work around.
> 
> Luckily for me I'm only testing and can roll out certificates as
> required.  In this case I can change the CN to the form of
> 
> user@domain
> 
> and then, after brushing up on PCREs, adjust the unified map to extract
> the user and domain that I require.

Glad you got that working.

> I'm still curious as to why my first attempt with GSS_ASSIST_GRIDMAP did
> not work....

The reason is that GSS_ASSIST_GRIDMAP is a token that is only looked for if the
authentication type is "GSI".  So for "SSL" it has no special meaning.

However, given that both use X.509 certificates, I think an argument could be
made that the mapfile should support it for SSL too, but I'll need to test that
out before I make any changes.

Thanks for your report.

Cheers,
-zach

Follow-Ups:
- Re: [HTCondor-users] SSL Certificate -> User Mapping Issue
  - From: Peter Brady

References:
- [HTCondor-users] SSL Certificate -> User Mapping Issue
  - From: Peter Brady
- Re: [HTCondor-users] SSL Certificate -> User Mapping Issue
  - From: Peter Brady

Prev by Date: [HTCondor-users] HTCondor 8.3.2 Released
Next by Date: Re: [HTCondor-users] Advertising a Windows machine's DSNs
Previous by thread: Re: [HTCondor-users] SSL Certificate -> User Mapping Issue
Next by thread: Re: [HTCondor-users] SSL Certificate -> User Mapping Issue
Index(es):
- Date
- Thread

Mailing List Archives

Public Access

Re: [HTCondor-users] SSL Certificate -> User Mapping Issue