Further to the original post by Graeme
'to voms or not to voms'. The Nikhef documentation has been thoroughly overhauled and I have now been able to switch lcmaps in CREAM and SCAS over to use local unix group mappings before pool accounts, if they exist.
The main changes are changing localaccount to pull in the glasgow centric grid-mapfile.
localaccount = "lcmaps_localaccount.mod"
" -gridmapfile /usr/local/etc/grid-mapfile-local"
# " -gridmapfile /etc/grid-security/grid-mapfile"
Some small tweaks are required to move localaccount from the last check to the first check. If this is successful it uses that account, otherwise it moves to check voms and pool accounts.
glexec_get_account:
proxycheck -> localaccount
localaccount -> good | vomslocalgroup
#proxycheck -> vomslocalgroup
vomslocalgroup -> vomspoolaccount | poolaccount
vomspoolaccount -> good | vomslocalaccount
vomslocalaccount -> good | poolaccount
poolaccount -> good #| localaccount
glexec_verify_account:
proxycheck -> localaccount
localaccount -> good | vomslocalgroup
#proxycheck -> vomslocalgroup
vomslocalgroup -> vomspoolaccount | poolaccount
vomspoolaccount -> good | vomslocalaccount
vomslocalaccount -> good | poolaccount
poolaccount -> good #| localaccount
SCAS is works in the same way and all that is required is to change the localaccount setting to pull in our Glasgow local grid-mapfile a'la
localaccount = "lcmaps_localaccount.mod"
" -gridmapfile /usr/local/etc/grid-mapfile-local"
# " -gridmapfile /etc/grid-security/grid-mapfile"
Job done. I can now flit between gla or pool accounts depending on my existence in
/usr/local/etc/grid-mapfile-local
Job id Name User Time Use S Queue
------------------------- ---------------- --------------- -------- - -----
2013.svr008 cream_441636610 ssp001 0 R q2d
2014.svr008 cream_963867097 gla057 0 Q q2d