Bug 2743 – grid-mapfile location should be in global security descriptor

Bug 2743 - grid-mapfile location should be in global security descriptor

Summary:

grid-mapfile location should be in global security descriptor

Status:	RESOLVED FIXED

Product:	Java WS Security
Component:	Authentication
Version:	unspecified
Platform:	All All

Importance:	P3 major
Target Milestone:	4.0
Assigned To:	Rachana Ananthakrishnan

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2005-02-15 14:30 by Mats Rynge
Modified:	2005-04-06 13:50 (History)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note

You need to log in before you can comment on or make changes to this bug.

Description From Mats Rynge 2005-02-15 14:30:50

For our Java services, the grid-mapfile location should be specified in the
global security descriptor to provide a good default and not in the services. If
I want to use an alternate grid-mapfile today, I have to set GRIDMAP for my C
tools and change the following services security configs:

[rynge@devrandom etc]$ grep -R /etc/grid-security/grid-mapfile * 2>/dev/null
globus_delegation_service/service-security-config.xml: <gridmap
value="/etc/grid-security/grid-mapfile"/>
globus_delegation_service/factory-security-config.xml: <gridmap
value="/etc/grid-security/grid-mapfile"/>
globus_wsrf_mds_index/factory-security-config.xml: <gridmap
value="/etc/grid-security/grid-mapfile"/>
globus_wsrf_mds_index/index-security-config.xml: <gridmap
value="/etc/grid-security/grid-mapfile"/>
globus_wsrf_replicator/security-config.xml: <gridmap
value="/etc/grid-security/grid-mapfile"/>
globus_wsrf_rft/security-config.xml: <gridmap
value="/etc/grid-security/grid-mapfile"/>
globus_wsrf_rft/factory-security-config.xml: <gridmap
value="/etc/grid-security/grid-mapfile"/>
gram-service/managed-job-factory-security-config.xml:    <gridmap
value="/etc/grid-security/grid-mapfile"/>


This should be fixed by

  1. adding <gridmap value="/etc/grid-security/grid-mapfile"/> 
     to globus security descriptor

  2. remove it for all the services

The idea is to have one place to edit if you want to change it, and if you want
a certain service to use a specific one, add a <gridmap> entry to only that service.

------- Comment #1 From Stuart Martin 2005-03-18 14:06:57 -------

This is a high priority for gram automated testing.  There should be a setup
package that can be called 
to change the location of the grid-mapfile programatically.

e.g. ./setup-globus-core --grid-mapfile /home/user/grid-mapfile

------- Comment #2 From Sam Meder 2005-03-18 14:21:36 -------

Seems high overhead to create a setup package for what is essentially cat
<globus sec desc>|sed 's!/etc/grid-security/grid-mapfile!<your location here>!'

/Sam

------- Comment #3 From Joe Bester 2005-03-18 14:54:02 -------

> This is a high priority for gram automated testing.  There should be a setup 
> package that can be called 
> to change the location of the grid-mapfile programatically.
> 
> e.g. ./setup-globus-core --grid-mapfile /home/user/grid-mapfile

I'd argue that we don't need that. From the GRAM standpoint, if the services did
not explicitly name the grid-mapfile, I could easily use a different container
security description file on the command line to use a custom gridmap.

joe

------- Comment #4 From Stuart Martin 2005-03-18 15:03:06 -------

Ok - sounds good to me.  no setup package required.

------- Comment #5 From Rachana Ananthakrishnan 2005-04-06 13:50:21 -------

Changes have been committed to trunk.