Re: [Condor-users] GSI authentication succeeds but authorization fails

[Scott Koranda <skoranda@xxxxxxxxxxxxxxxxxxxx>]

> > 
> > Why am I not authorized?
> 
> the log shows you are being mapped to skoranda@xxxxxxxxxxxxxxxxxxxxxxx while
> the allow list has:
>   ALLOW_READ = skoranda@xxxxxxxxxxxx/ldg-portal.phys.uwm.edu
> 
> basically, your authz rule is missing the 'ldg-portal' on the left hand side
> of the slash.
> 
> i think you meant to write:
>   ALLOW_READ = skoranda@xxxxxxxxxxxxxxxxxxxxxxx/ldg-portal.phys.uwm.edu

I don't understand.

The manual indicates that the form is

"Each macro is defined by a comma-separated list of fully
qualified users. Each fully qualified user is described using
the following format:

    username@domain/hostname

The information to the left of the slash character describes a
user within a domain. The information to the right of the
slash character describes one or more machines from which the
user would be issuing a command. This host name may take the
form of either a fully qualified host name of the form

bird.cs.wisc.edu

or an IP address of the form

128.105.128.0

An example is

zmiller@xxxxxxxxxxx/bird.cs.wisc.edu"

How does skoranda@xxxxxxxxxxxx/ldg-portal.phys.uwm.edu differ
from zmiller@xxxxxxxxxxx/bird.cs.wisc.edu ?

Scott




> 
> 
> cheers,
> -zach
> 
> _______________________________________________
> Condor-users mailing list
> To unsubscribe, send a message to condor-users-request@xxxxxxxxxxx with a
> subject: Unsubscribe
> You can also unsubscribe by visiting
> https://lists.cs.wisc.edu/mailman/listinfo/condor-users
> 
> The archives can be found at: 
> https://lists.cs.wisc.edu/archive/condor-users/