Follow-up Comment #1, sr #124709 (project xrootd):
VO, group & role are already filled out in Entity (and then in auth
monitoring record) by default ... one can switch this off with vomsat=0
option. Proxy must have this info, of course.
Now, about DN ... Entity.name is set to proxy hash if gmapopt is less than 10
and to DN if it is 10 or more. Then the lcmaps plugin kicks in: it uses DN
from Entity.name to lookup username in GUMS and then puts DN into
Entity.moninfo and the newly obtained username into Entity.name.
We could put DN into Entity.moninfo by default ... or add an option, like
authzdnmon that would do this.
I use gmapopt=10 at UCSD -- this means put DN into Entity.name but do not use
grid-map-file. I'm somewhat unsure what happens when grid-map stuff is
actually used.
_______________________________________________________
Reply to this item at:
<http://savannah.cern.ch/support/?124709>
_______________________________________________
Message sent via/by LCG Savannah
http://savannah.cern.ch/
