[gin-data] Re: progress...

William E. Allcock allcock at mcs.anl.gov
Thu Jul 27 13:29:39 CDT 2006 

I hate it when reality rears it's ugly head! :-).  That makes sense.  Thanks
for the discussion.  I appreciate everyone's help.

Bill 

> -----Original Message-----
> From: David Wallom [mailto:david.wallom at oerc.ox.ac.uk] 
> Sent: Thursday, July 27, 2006 1:02 PM
> To: allcock at mcs.anl.gov; 'Jules Wolfrat'; Erwin Laure; 
> 'Gregor von Laszewski'
> Cc: gin-data at ggf.org; 'Mihael Hategan'; 'Raj Kettimuthu'
> Subject: Re: [gin-data] Re: progress...
> 
> Hi Bill,
> 
> The only problem with that is that the <DN>->user mapping 
> works well for
> 10->100 users. With a campus infrastructure for example 
> though where you
> will probably have up to 14000 users it is impractical.
> 
> Cheers
> David
> 
> 
> On 27/7/06 16:33, "William E. Allcock" <allcock at mcs.anl.gov> wrote:
> 
> >> 
> >> DEISA isn't using pool accounts, at least not up to now. 
> So auditing
> >> isn't the problem.
> >> On the other hand we still have to set up GridFTP services
> >> within DEISA
> >> (GPFS is now the way to distribute data), but I guess we 
> will use the
> >> same set up as for our other services and have a direct
> >> mapping between
> >> grid credentials and uids.
> >> 
> >> But in case of pool accounts, can't you find the credentials in the
> >> GridFTP logs? Of course you must archive them and it may take some
> >> effort to find out.
> > 
> > Yes, you could, if you have the logging level set 
> appropriately, and, as you
> > say, you have to archive them.  I just find it surprising 
> that paranoid
> > security types are willing to rely on a services logs 
> rather than something
> > in the authentication process itself that they can KNOW 
> will be there.
> > 
> > Cheers,
> > 
> > Bill
> > 
> > 
> >> 
> >> Cheers,
> >> 
> >> Jules
> >>> 
> >>> Bill 
> >>> 
> >>>> -----Original Message-----
> >>>> From: David Wallom [mailto:david.wallom at oerc.ox.ac.uk]
> >>>> Sent: Thursday, July 27, 2006 8:42 AM
> >>>> To: allcock at mcs.anl.gov; Erwin Laure; 'Gregor von Laszewski'
> >>>> Cc: gin-data at ggf.org; 'Mihael Hategan'; 'Raj Kettimuthu'
> >>>> Subject: Re: [gin-data] Re: progress...
> >>>> 
> >>>> Hello Bill,
> >>>> 
> >>>> That is a gridmapfile that uses the pool accounts patch that
> >>>> was applied
> >>>> through EDG. Within the UK we have a patch to make this work
> >>>> with both PreWS
> >>>> & WS version of GT4 if you want.
> >>>> 
> >>>> Cheers
> >>>> 
> >>>> David
> >>>> 
> >>>> 
> >>>> On 27/7/06 14:35, "William E. Allcock"
> >> <allcock at mcs.anl.gov> wrote:
> >>>> 
> >>>>> Never having used VOMS, I guess I am also a little
> >>>> confused.  I went to the
> >>>>> registration page, and I looked in the gridmapfile.
> >>>> However, the gridmap
> >>>>> file isn't really a gridmap file, because it doesn't
> >>>> actually map anything.
> >>>>> It has a list of DNs, but there are no accounts associated
> >>>> with them, which
> >>>>> is what the gridmap file does.  So, I think Gregor's (and
> >>>> my) question is,
> >>>>> what account will the GridFTP server that gets invoked be
> >>>> run under?  Or
> >>>>> does each Grid take responsibility for mapping it to some
> >>>> appropriately
> >>>>> restricted account and we can just not worry about that?
> >>>>> 
> >>>>> Bill 
> >>>>> 
> >>>>>> -----Original Message-----
> >>>>>> From: owner-gin-data at ggf.org [mailto:owner-gin-data at ggf.org]
> >>>>>> On Behalf Of Erwin Laure
> >>>>>> Sent: Thursday, July 27, 2006 4:22 AM
> >>>>>> To: Gregor von Laszewski
> >>>>>> Cc: gin-data at ggf.org; Mihael Hategan; Raj Kettimuthu
> >>>>>> Subject: [gin-data] Re: progress...
> >>>>>> 
> >>>>>> Hi Gregor,
> >>>>>> 
> >>>>>> You can get an initial list of Grids for testing purposes from:
> >>>>>> http://wiki.nesc.ac.uk/read/gin-jobs?GinResources
> >>>>>> 
> >>>>>> Why do you need accounts on these Grids? Wouldn't simply
> >>>>>> joining the GIN
> >>>>>> VO do? Information on how to join the VO is available at
> >>>>>> http://wiki.nesc.ac.uk/read/gin-jobs
> >>>>>> This VO is supported by all GIN sites.
> >>>>>> 
> >>>>>> Cheers,
> >>>>>> 
> >>>>>> -- Erwin
> >>>>>> 
> >>>>>> Gregor von Laszewski wrote:
> >>>>>>> Erwin:
> >>>>>>> 
> >>>>>>>     we have tested our tool and it works as expected.
> >>>>>> However, there is
> >>>>>>> some issue in regards to renewing accounts and alloctaions
> >>>>>> on TG to  run
> >>>>>>> this that are not yet resolved. To no longer delay the
> >>>>>> publication of
> >>>>>>> the data, we have involved Raj that will start the  program
> >>>>>> for us on 
> >>>>>>> the TG. We hope this takes place tomorrow. This  also
> >>>>>> allows us to test
> >>>>>>> the "easy deploy" requirement of the systems  so it could
> >>>>>> be replicated
> >>>>>>> on other systems. Mike is improving the  documentation to
> >>>> make this
> >>>>>>> happening.
> >>>>>>> 
> >>>>>>> In return we have one question that we issued to this
> >>>>>> mailinglist  before:
> >>>>>>> 
> >>>>>>> On which other Grids should we test our software?
> >>>>>>> Is there someone in the GIN working group that can let us
> >>>>>> know which  
> >>>>>>> Grids we should approach next? From the experience we had with
> >>>>>>> obtaining accouts, it looks like we want to get this
> >>>>>> established  ASAP.
> >>>>>>> in order to start the application program. We probably need
> >>>>>>  some kind 
> >>>>>>> of "sponsor" or "champion" to push this out on the other
> >>>>>> Grids. So if
> >>>>>>> there are people from other Grids (other than TG) in
> >>> this working
> >>>>>>> group, maybe you can let us know how we should
> >> approach  getting
> >>>>>>> accounts on your Grids.
> >>>>>>> 
> >>>>>>> I would assume this applies also to the other technologies
> >>>>>> from the  
> >>>>>>> GIN-WG, do you have a uniform project description that
> >>> I can point
> >>>>>>> other Grids to as part of the application process?
> >>>>>>> 
> >>>>>>> Gregor
> >>>>>>> 
> >>>>>>> 
> >>>>>>> On Jul 25, 2006, at 4:39 AM, Erwin Laure wrote:
> >>>>>>> 
> >>>>>>>> Hi,
> >>>>>>>> 
> >>>>>>>> GGF18 is coming up soon. Could we please get an update on
> >>>>>> the  interop
> >>>>>>>> tests of SRB, SRM, and gridFTP?
> >>>>>>>> 
> >>>>>>>> We will use this information to make an interop matrix
> >>>>>> available on
> >>>>>>>> the GIN gridforge pages.
> >>>>>>>> 
> >>>>>>>> Also, we should prepare instructions of how people can
> >>> run these
> >>>>>>>> tests themselves, i.e. test, whether their infrastructure is
> >>>>>>>> interoperable with others.
> >>>>>>>> 
> >>>>>>>> Cheers,
> >>>>>>>> 
> >>>>>>>> -- Erwin
> >>>>>>>> 
> >>>>>>> 
> >>>>>> 
> >>>>>> 
> >>>>> 
> >>>>> 
> >>>> 
> >>>> -- 
> >>>> +++++++++++++++++++++++++++++++++
> >>>> Dr. David Wallom
> >>>> Technical Manager
> >>>> Oxford e-Research Centre
> >>>> University of Oxford
> >>>> c/o OUCS
> >>>> 13 Banbury Road
> >>>> Oxford
> >>>> OX2 6NN
> >>>> 
> >>>> Tel  : +44 (0)1865 283378
> >>>> email: david.wallom at oerc.ox.ac.uk
> >>>> 
> >>>> PLEASE NOTE THE NEW EMAIL ADDRESS as OERC.OX.AC.UK
> >>>> IERC WILL CONTINUE TO RECEIVE EMAIL FOR THE NEXT
> >>>> FEW MONTHS BUT WILL EVENTUALLY PHASE OUT. PLEASE
> >>>> CHANGE YOUR ADDRESS BOOK APPROPRIATELY
> >>>> 
> >>>> +++++++++++++++++++++++++++++++++
> >>>> 
> >>>> 
> >>>> 
> >>> 
> >>> 
> >> 
> >> 
> > 
> > 
> 
> -- 
> +++++++++++++++++++++++++++++++++
> Dr. David Wallom
> Technical Manager
> Oxford e-Research Centre
> University of Oxford
> c/o OUCS
> 13 Banbury Road
> Oxford
> OX2 6NN
> 
> Tel  : +44 (0)1865 283378
> email: david.wallom at oerc.ox.ac.uk
> 
> PLEASE NOTE THE NEW EMAIL ADDRESS as OERC.OX.AC.UK
> IERC WILL CONTINUE TO RECEIVE EMAIL FOR THE NEXT
> FEW MONTHS BUT WILL EVENTUALLY PHASE OUT. PLEASE
> CHANGE YOUR ADDRESS BOOK APPROPRIATELY
> 
> +++++++++++++++++++++++++++++++++
> 
> 
>

More information about the gin-data mailing list