[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[HTCondor-users] How to write X.509 map file and unified map file



Hi all,
the current HTCondor unified map files we use and suggest in GlideinWMS, we have a lot of escaped characters in the the DN specification.
in the manual (8.6) I found that a quoted string is sufficient and it seems there is no need for any escaping:
 3.8.3.1 GSI Authentication and in http://research.cs.wisc.edu/htcondor/manual/v8.6/3_8Security.html

Is this happening only when CERTIFICATE_MAPFILE_ASSUME_HASH_KEYS is true?

I.e. Are these 2 equivalent? Does it depend on the setting of CERTIFICATE_MAPFILE_ASSUME_HASH_KEYS?
GSI "^\/DC\=org\/DC\=opensciencegrid\/O\=Open\ Science\ Grid\/OU\=Services\/CN\=gwms\-host\.fnal\.gov$" vofrontend_service
GSI "/DC=org/DC=opensciencegrid/O=Open Science Grid/OU=Services/CN=gwms-host.fnal.gov" vofrontend_service

For PCRE the characters to escape are ".^$*+?()[{\|", in the example above we are escaping even more, e.g. spaces. I guess it is not hurting nut is not necessary, correct?

And 2 more questions:
- About CERTIFICATE_MAPFILE_ASSUME_HASH_KEYS, if that is set to true and the regex includes spaces, do the quotes (") have to be outside or inside the "/"at the beginning and end?
- Is the behavior of the DNs in the X.509 map (GSS_ASSIST_GRIDMAP) the same?

Thank you,
Marco