Mailing List Archives
Public Access
|
|
![[Computer Systems Lab]](https://www-auth.cs.wisc.edu/pics/csl_logo.gif)
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [HTCondor-users] SSL Certificate -> User Mapping Issue
- Date: Tue, 30 Dec 2014 09:59:19 +1100
- From: Peter Brady <subscriptions@xxxxxxxxxxxxxx>
- Subject: Re: [HTCondor-users] SSL Certificate -> User Mapping Issue
On 30/12/2014 3:54 am, Zachary Miller wrote:
>> I'm still curious as to why my first attempt with GSS_ASSIST_GRIDMAP did
>> not work....
> The reason is that GSS_ASSIST_GRIDMAP is a token that is only looked for if the
> authentication type is "GSI". So for "SSL" it has no special meaning.
That makes sense.
Can you please check the manual then? My reading of the manual was that
this feature was already in place for SSL, see:
http://research.cs.wisc.edu/htcondor/manual/v8.2/3_6Security.html#SECTION00464000000000000000
"For GSI (or SSL), the special name GSS_ASSIST_GRIDMAP instructs
HTCondor to use the GSI grid map file (configured with GRIDMAP as shown
in section 3.6.3) to do the mapping. If no mapping can be found for GSI
(with or without the use of GSS_ASSIST_GRIDMAP), the user is mapped to
gsi@unmapped."
> However, given that both use X.509 certificates, I think an argument could be
> made that the mapfile should support it for SSL too, but I'll need to test that
> out before I make any changes.
I agree, for a future release it would be handy because, as you say,
they are both X.509 based.
Thanks for the response.
Cheers,
-pete
--
Peter Brady
Email: pdbrady@xxxxxxxxxx
Skype: pbrady77
Attachment:
signature.asc
Description: OpenPGP digital signature