Hi Jaime,
You mean in the mapfile changing:
FS /(.*)/ \1@fsauth
to I guess:
FS /(.*)/ \1@xxxxxxx@fsauth
?
The ALLOW rules Iâm a bit dubious about, sinceâ
â Iâm not sure what the implication is of having root with an fsauth domain for instance (root@xxxxxxx is not the same as a uid 0 local account). I also donât really get why we canât condor_ssh_to_job as root on the AP
to a running job of a user, or why a change in fsauth domain would solve that problem. I get I suppose why
bejones@xxxxxxx might != bejones@fsauth (though, again, I thought UID_DOMAIN was for that), but I donât get what might be stopping root@fsauth doing a condor_ssh_to_job to a job owned by bejones or
bejones@xxxxxxx when either itâs a queue super user or it isnât.
cheers,
Ben
|