Hi, Hornoy Francois wrote: > Quoting Hamza Mehammed <[EMAIL PROTECTED]>: > > > Hi, > > >> Hi, >> >> Hornoy Francois wrote: >> >>> Quoting Ketan C Maheshwari <[EMAIL PROTECTED]>: >>> >>> >>> >>>> Hornoy Francois wrote: >>>> >>>> >>>>> Hello, >>>>> >>>>> Something i have not really understood yet: i'm following the tutorial >>>>> >> on >> >>>>> >>>>> >>>> the >>>> >>>> >>>>> GlobusConsortium website. >>>>> >>>>> If a client (let's say "bob") wants to run a job on a Globus remote >>>>> >>>>> >>>> machine, >>>> >>>> >>>>> there must be a "bob" UNIX account on the Globus remote machine ? >>>>> >>>>> >>>>> >>>> nopes, as long as i understand, the globus machine's grid-mapfile must >>>> map that users' DN to his/her accountname and a separate account on >>>> globus machine is not required. >>>> >>>> >>> Okay. But when if i run: >>> >>> [EMAIL PROTECTED] ~]# grid-mapfile-check-consistency >>> Checking /etc/grid-security/grid-mapfile grid mapfile >>> Verifying grid mapfile existence...OK >>> Checking for duplicate entries...OK >>> Checking for valid user names... >>> ERROR: bob is not a valid local username >>> ERROR: Found 1 invalid username(s) >>> >>> So, how should i deal with this? >>> >>> >> The DN of bob must be mapped to the unix Account belonging to bob. I >> think you are mapping the DN of bob to the account bob which seems to be >> not existing. You have to either create an account bob or map the DN of >> bob to his account. >> > > Hum.. still don't get it :( > > On my "Globus" machine, i have 2 accounts: root and globus. > A client (username=bob) wants to launch job/transfer on that Globus remote > machine. > > So, may i map this client's DN with the local "globus" account ? >
You have to create an account for bob in you globus machine since mapping him to globus is not a good idea. The idea is that globus makes sudo to that account to perform all the tasks for that user. So, in this way every user has his own working environment on the globus machine. I hope it is clear now. Cheers, Hamza > Any useful link about this delegating stuff ? > > > Cheers, > > Francois. > > > >> Cheers, >> Hamza >> >> >>> Thks, Francois. >>> >>> >>> >>> >>>> For those tasks that needs >>>> authentication the client must delegate his/her credentials to globus >>>> user to perform them on clients behalf. >>>> >>>> >>>>> Or shall i map every user certificate subjects in the grid-mapfile to >>>>> >> the >> >>>>> >>>>> >>>> local >>>> >>>> >>>>> user "globus" ? >>>>> >>>>> >>>>> >>>> delegation is a cleaner solution. >>>> >>>> >>>>> Thanks for helping, >>>>> >>>>> Bye, Francois. >>>>> >>>>> >>>>> >>>>> >>>> >>>> >>> >>> >>> > > > >
begin:vcard fn:Hamza Mehammed n:Mehammed;Hamza org:Leibniz-Rechenzentrum;Hochleistungssysteme adr;quoted-printable;quoted-printable:;;Barer Str. 21 (from May Boltzmannstra=C3=9Fe 1) ;M=C3=BCnchen (from May Garching);Bayern;80333 (from May 85748) ;Germany email;internet:mehammed_AT_lrz.de title:Diplom-Informatiker tel;work:+49-89-289-27824 (from May +49-89-35831-7824) tel;fax:+49-89-280-9460 (from May +49-89-35831-9700) url:http://www.lrz-muenchen.de/persons/hamza_mehammed.html version:2.1 end:vcard
