Re: [HTCondor-users] SSL Certificate -> User Mapping Issue

[Zachary Miller <zmiller@xxxxxxxxxxx>]

On Tue, Dec 23, 2014 at 04:00:59PM +1100, Peter Brady wrote:
> OK, so after sending this I went for a walk around the block to think
> this through.  I've been able to fix this via a work around.
> 
> Luckily for me I'm only testing and can roll out certificates as
> required.  In this case I can change the CN to the form of
> 
> user@domain
> 
> and then, after brushing up on PCREs, adjust the unified map to extract
> the user and domain that I require.

Glad you got that working.


> I'm still curious as to why my first attempt with GSS_ASSIST_GRIDMAP did
> not work....

The reason is that GSS_ASSIST_GRIDMAP is a token that is only looked for if the
authentication type is "GSI".  So for "SSL" it has no special meaning.

However, given that both use X.509 certificates, I think an argument could be
made that the mapfile should support it for SSL too, but I'll need to test that
out before I make any changes.

Thanks for your report.


Cheers,
-zach