[gin-data] Re: progress...

William E. Allcock allcock at mcs.anl.gov
Thu Jul 27 10:33:06 CDT 2006 

> 
> DEISA isn't using pool accounts, at least not up to now. So auditing
> isn't the problem. 
> On the other hand we still have to set up GridFTP services 
> within DEISA
> (GPFS is now the way to distribute data), but I guess we will use the
> same set up as for our other services and have a direct 
> mapping between
> grid credentials and uids.
> 
> But in case of pool accounts, can't you find the credentials in the
> GridFTP logs? Of course you must archive them and it may take some
> effort to find out.

Yes, you could, if you have the logging level set appropriately, and, as you
say, you have to archive them.  I just find it surprising that paranoid
security types are willing to rely on a services logs rather than something
in the authentication process itself that they can KNOW will be there.

Cheers,

Bill


> 
> Cheers,
> 
> Jules
> > 
> > Bill 
> > 
> > > -----Original Message-----
> > > From: David Wallom [mailto:david.wallom at oerc.ox.ac.uk] 
> > > Sent: Thursday, July 27, 2006 8:42 AM
> > > To: allcock at mcs.anl.gov; Erwin Laure; 'Gregor von Laszewski'
> > > Cc: gin-data at ggf.org; 'Mihael Hategan'; 'Raj Kettimuthu'
> > > Subject: Re: [gin-data] Re: progress...
> > > 
> > > Hello Bill,
> > > 
> > > That is a gridmapfile that uses the pool accounts patch that 
> > > was applied
> > > through EDG. Within the UK we have a patch to make this work 
> > > with both PreWS
> > > & WS version of GT4 if you want.
> > > 
> > > Cheers
> > > 
> > > David
> > > 
> > > 
> > > On 27/7/06 14:35, "William E. Allcock" 
> <allcock at mcs.anl.gov> wrote:
> > > 
> > > > Never having used VOMS, I guess I am also a little 
> > > confused.  I went to the
> > > > registration page, and I looked in the gridmapfile.  
> > > However, the gridmap
> > > > file isn't really a gridmap file, because it doesn't 
> > > actually map anything.
> > > > It has a list of DNs, but there are no accounts associated 
> > > with them, which
> > > > is what the gridmap file does.  So, I think Gregor's (and 
> > > my) question is,
> > > > what account will the GridFTP server that gets invoked be 
> > > run under?  Or
> > > > does each Grid take responsibility for mapping it to some 
> > > appropriately
> > > > restricted account and we can just not worry about that?
> > > > 
> > > > Bill 
> > > > 
> > > >> -----Original Message-----
> > > >> From: owner-gin-data at ggf.org [mailto:owner-gin-data at ggf.org]
> > > >> On Behalf Of Erwin Laure
> > > >> Sent: Thursday, July 27, 2006 4:22 AM
> > > >> To: Gregor von Laszewski
> > > >> Cc: gin-data at ggf.org; Mihael Hategan; Raj Kettimuthu
> > > >> Subject: [gin-data] Re: progress...
> > > >> 
> > > >> Hi Gregor,
> > > >> 
> > > >> You can get an initial list of Grids for testing purposes from:
> > > >> http://wiki.nesc.ac.uk/read/gin-jobs?GinResources
> > > >> 
> > > >> Why do you need accounts on these Grids? Wouldn't simply
> > > >> joining the GIN 
> > > >> VO do? Information on how to join the VO is available at
> > > >> http://wiki.nesc.ac.uk/read/gin-jobs
> > > >> This VO is supported by all GIN sites.
> > > >> 
> > > >> Cheers,
> > > >> 
> > > >> -- Erwin
> > > >> 
> > > >> Gregor von Laszewski wrote:
> > > >>> Erwin:
> > > >>> 
> > > >>>     we have tested our tool and it works as expected.
> > > >> However, there is
> > > >>> some issue in regards to renewing accounts and alloctaions
> > > >> on TG to  run 
> > > >>> this that are not yet resolved. To no longer delay the
> > > >> publication of 
> > > >>> the data, we have involved Raj that will start the  program
> > > >> for us on 
> > > >>> the TG. We hope this takes place tomorrow. This  also
> > > >> allows us to test
> > > >>> the "easy deploy" requirement of the systems  so it could
> > > >> be replicated 
> > > >>> on other systems. Mike is improving the  documentation to 
> > > make this
> > > >>> happening.
> > > >>> 
> > > >>> In return we have one question that we issued to this
> > > >> mailinglist  before:
> > > >>> 
> > > >>> On which other Grids should we test our software?
> > > >>> Is there someone in the GIN working group that can let us
> > > >> know which  
> > > >>> Grids we should approach next? From the experience we had with
> > > >>> obtaining accouts, it looks like we want to get this
> > > >> established  ASAP.
> > > >>> in order to start the application program. We probably need
> > > >>  some kind 
> > > >>> of "sponsor" or "champion" to push this out on the other
> > > >> Grids. So if 
> > > >>> there are people from other Grids (other than TG) in  
> > this working
> > > >>> group, maybe you can let us know how we should 
> approach  getting
> > > >>> accounts on your Grids.
> > > >>> 
> > > >>> I would assume this applies also to the other technologies
> > > >> from the  
> > > >>> GIN-WG, do you have a uniform project description that 
> > I can point
> > > >>> other Grids to as part of the application process?
> > > >>> 
> > > >>> Gregor
> > > >>> 
> > > >>> 
> > > >>> On Jul 25, 2006, at 4:39 AM, Erwin Laure wrote:
> > > >>> 
> > > >>>> Hi,
> > > >>>> 
> > > >>>> GGF18 is coming up soon. Could we please get an update on
> > > >> the  interop 
> > > >>>> tests of SRB, SRM, and gridFTP?
> > > >>>> 
> > > >>>> We will use this information to make an interop matrix
> > > >> available on  
> > > >>>> the GIN gridforge pages.
> > > >>>> 
> > > >>>> Also, we should prepare instructions of how people can 
> > run these
> > > >>>> tests themselves, i.e. test, whether their infrastructure is
> > > >>>> interoperable with others.
> > > >>>> 
> > > >>>> Cheers,
> > > >>>> 
> > > >>>> -- Erwin
> > > >>>> 
> > > >>> 
> > > >> 
> > > >> 
> > > > 
> > > > 
> > > 
> > > -- 
> > > +++++++++++++++++++++++++++++++++
> > > Dr. David Wallom
> > > Technical Manager
> > > Oxford e-Research Centre
> > > University of Oxford
> > > c/o OUCS
> > > 13 Banbury Road
> > > Oxford
> > > OX2 6NN
> > > 
> > > Tel  : +44 (0)1865 283378
> > > email: david.wallom at oerc.ox.ac.uk
> > > 
> > > PLEASE NOTE THE NEW EMAIL ADDRESS as OERC.OX.AC.UK
> > > IERC WILL CONTINUE TO RECEIVE EMAIL FOR THE NEXT
> > > FEW MONTHS BUT WILL EVENTUALLY PHASE OUT. PLEASE
> > > CHANGE YOUR ADDRESS BOOK APPROPRIATELY
> > > 
> > > +++++++++++++++++++++++++++++++++
> > > 
> > > 
> > > 
> > 
> > 
> 
>

More information about the gin-data mailing list