Presentation is loading. Please wait.

Presentation is loading. Please wait.

Enabling Grids for E-sciencE INFSO-RI Virtual Ids and VOMS integration DPM supports virual Ids and VOMS : –each user/group is internally mapped.

Published byBetty Dixon Modified over 8 years ago

Similar presentations

Presentation on theme: "Enabling Grids for E-sciencE INFSO-RI Virtual Ids and VOMS integration DPM supports virual Ids and VOMS : –each user/group is internally mapped."— Presentation transcript:

1 Enabling Grids for E-sciencE INFSO-RI-508833 1 Virtual Ids and VOMS integration DPM supports virual Ids and VOMS : –each user/group is internally mapped to a "virtual Id". –This allows Access Control Lists (ACLs) to be fully supported. DNs are mapped to virtual UIDs: the virtual uid is created on the fly the first time the system receives a request for this DN (no pool account) VOMS roles are mapped to virtual GIDs A given user may have one DN and several roles, so a given user may be mapped to one UID and several GIDs Currently only the primary role is used in DPM –Two different VOMS roles are mapped to two different gids –The same user might not be able to access his/her own file, depending on his/her VOMS credentials Support for normal proxies and VOMS proxies

2 Enabling Grids for E-sciencE INFSO-RI-508833 2 DPNS metadata and Virtual ids mapping tables –The mappings are stored in :  the Cns_userinfo table, for the users  the Cns_groupinfo table, for the groups –When the user issues a grid-proxy-init or voms-proxy-init without VOMS parameters, the /opt/lcg/etc/lcgdm-mapfile file is used to know to which group the user should be mapped. CNS_USERINFO USERID 18947 USERNAME /C=CH/O=CERN/OU=GRID/CN=Sophie Lemaitre 2268 CNS_GROUPINFO GID 2688 GROUPNAME dteam CNS_FILE_METADATA Fileid 246 Parent_fileid 245 Name file01.log Guid a8d6ac51-e4d4-4f3d-bfa6-755d7554544c Owner_uid 1250 Gid 1399 ACL … mysql> select * from Cns_groupinfo; +-------+------+--------+ | rowid | gid | groupname | +-------+------+--------+ | 1 | 2688 | dteam | | …. | 13 | 34003 | atlas/Role=production |.. | 25 | 34008 | atlas/Role=lcgadmin |

3 Enabling Grids for E-sciencE INFSO-RI-508833 3 User / group mapping No valid proxy –“No valid credential found” User DN –Added automatically to Cns_userinfo, if it doesn’t exist User group –grid-proxy-init or simple voms-proxy-init  Group taken from /opt/lcg/etc/lcgdm-mapfile –voms-proxy-init –voms myVO  Group taken from the VOMS role  Added automatically, if doesn’t exist "/C=CH/O=CERN/OU=GRID/CN=Simone Campana 7461 - ATLAS" atlas "/C=CH/O=CERN/OU=GRID/CN=Sophie Lemaitre 2268" dteam atlas atlas/Role=lcgadmin atlas/Role=production Cns_groupinfo

Download ppt "Enabling Grids for E-sciencE INFSO-RI Virtual Ids and VOMS integration DPM supports virual Ids and VOMS : –each user/group is internally mapped."

Similar presentations

OSG AuthZ Architecture AuthZ Components Legend VO Management Services Grid Site GUMS Site Services SAZ CE Gatekeeper Prima Is Auth? Yes / No SE SRM gPlazma.

OSG AuthZ Architecture AuthZ Components Legend VO Management Services Grid Site GUMS Site Services SAZ CE Gatekeeper Prima Is Auth? Yes / No SE SRM gPlazma.
Www.eu-eela.eu E-science grid facility for Europe and Latin America A Data Access Policy based on VOMS attributes in the Secure Storage Service Diego Scardaci.

E-science grid facility for Europe and Latin America A Data Access Policy based on VOMS attributes in the Secure Storage Service Diego Scardaci.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org Security, Authorisation and Authentication Mike Mineter Training, Outreach and Education National.

INFSO-RI Enabling Grids for E-sciencE Security, Authorisation and Authentication Mike Mineter Training, Outreach and Education National.
GLite authentication and authorization Discipline: Grid Computing, 07/08-2 Practical classes Inês Dutra, DCC/FCUP.

GLite authentication and authorization Discipline: Grid Computing, 07/08-2 Practical classes Inês Dutra, DCC/FCUP.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org XACML and G-PBox update MWSG 14-15/09/2005 Presenter: Vincenzo Ciaschini.

INFSO-RI Enabling Grids for E-sciencE XACML and G-PBox update MWSG 14-15/09/2005 Presenter: Vincenzo Ciaschini.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org Practicals on VOMS and MyProxy Emidio Giorgio INFN Retreat between GILDA and ESR VO, Bratislava,

INFSO-RI Enabling Grids for E-sciencE Practicals on VOMS and MyProxy Emidio Giorgio INFN Retreat between GILDA and ESR VO, Bratislava,
DPM CCRC - 1 Research and developments DPM status and plans Jean-Philippe Baud.

DPM CCRC - 1 Research and developments DPM status and plans Jean-Philippe Baud.
LFC tutorial Jean-Philippe Baud, IT-GT, CERN July 2010.

LFC tutorial Jean-Philippe Baud, IT-GT, CERN July 2010.
VOMS Alessandra Forti HEP Sysman meeting 27-28 April 2005.

VOMS Alessandra Forti HEP Sysman meeting April 2005.
1 Web services and security ---discuss different ways to enforce security Presenter: Han, Xue.

1 Web services and security ---discuss different ways to enforce security Presenter: Han, Xue.
Mine Altunay OSG Security Officer Open Science Grid: Security Gateway Security Summit January 28-30, 2008 San Diego Supercomputer Center.

Mine Altunay OSG Security Officer Open Science Grid: Security Gateway Security Summit January 28-30, 2008 San Diego Supercomputer Center.
EU DataGrid (EDG) & GridPP Authorization and Access Control User VOMS C CA 2. certificate dn, ca, key 1. request 3. certificate 4. VOMS cred: VO, groups,

EU DataGrid (EDG) & GridPP Authorization and Access Control User VOMS C CA 2. certificate dn, ca, key 1. request 3. certificate 4. VOMS cred: VO, groups,
Eric Shook, Anand Padmanabhan Grid Research & educatiOn IoWa (GROW) ITS Academic Technologies – Research Services The University of Iowa Iowa City,

Eric Shook, Anand Padmanabhan Grid Research & educatiOn IoWa (GROW) ITS Academic Technologies – Research Services The University of Iowa Iowa City,
Grid User Management System Gabriele Carcassi HEPIX 2004 18 October 2004.

Grid User Management System Gabriele Carcassi HEPIX October 2004.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org DPM Administration Jean-Philippe Baud (Sophie Lemaitre)

INFSO-RI Enabling Grids for E-sciencE DPM Administration Jean-Philippe Baud (Sophie Lemaitre)
Maarten Litmaath (CERN), GDB meeting, CERN, 2006/02/08 VOMS deployment Extent of VOMS usage in LCG-2 –Node types gLite 3.0 Issues Conclusions.

Maarten Litmaath (CERN), GDB meeting, CERN, 2006/02/08 VOMS deployment Extent of VOMS usage in LCG-2 –Node types gLite 3.0 Issues Conclusions.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org ATLAS DDM Operations - III DPM at T2’s Jiří Chudoba ATLAS meeting, 25.9.2007, CNAF.

INFSO-RI Enabling Grids for E-sciencE ATLAS DDM Operations - III DPM at T2’s Jiří Chudoba ATLAS meeting, , CNAF.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org GILDA Practicals : Security systems GILDA Tutors Singapore, 1st South East Asia Forum -- EGEE.

INFSO-RI Enabling Grids for E-sciencE GILDA Practicals : Security systems GILDA Tutors Singapore, 1st South East Asia Forum -- EGEE.
EGEE-III INFSO-RI-222667 Enabling Grids for E-sciencE Apr. 25, 2009 www.eu-egee.org Grid Computing Hands On Training for Users Faculty of Sciences, University.

EGEE-III INFSO-RI Enabling Grids for E-sciencE Apr. 25, Grid Computing Hands On Training for Users Faculty of Sciences, University.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org OGSA DAI Data Access and Integration Marek Ciglan Institute of Informatics, Slovac Academy.

INFSO-RI Enabling Grids for E-sciencE OGSA DAI Data Access and Integration Marek Ciglan Institute of Informatics, Slovac Academy.

Similar presentations

Ads by Google