April 21, 2023

A Secure VO Software for ATLAS Grid User Management

Dantong Yu

Brookhaven National Lab

April 21, 2023

The packages I am using:• GroupMan:

• http://heppc22.hep.caltech.edu/groupman/

• VO server management tools

• http://cvs.infn.it/cgi-bin/cvsweb.cgi/Auth/VO/sbin/

• new edg-mkgridmap package

• http://www.fis.unipr.it/pub/edg/repository/datagrid/

• http://grid.sinp.msu.ru/distribution/datagrid/wp6/RPMS/

April 21, 2023

VirtualOrganization

GUMS: A scalable Grid User Management System

User info

User info

UNM

April 21, 2023

grid-mapfile generation

mkgridmap

grid-mapfile

o=atlas,dc=ppdg-atagrid,

dc=org

ou=us-atlas,OU=People ou=atlas-dc1,

CN=Dantong Yu CN=Jason Smith CN=Ed-May

DOE Science Grid

Certificate

Authorities

OU=People

CN=Dantong Yu CN=Jason Smith CN=Ed-May

CA serverVO server

April 21, 2023

Configure mkgridmap.conf #### GROUP: group URI [lcluser]

group ldaps://atlasgrid01.usatlas.bnl.gov:6220/ou=us-atlas,o=atlas,dc=ppdg-datagrid,dc=org#group ldap://grid-vo.nikhef.nl/ou=testbed1,o=atlas,dc=eu-datagrid,dc=org#group ldap://grid-vo.nikhef.nl/ou=testbed1,o=cms,dc=eu-datagrid,dc=org#### Optional - DEFAULT LOCAL USER: default_lcluser lcluserdefault_lcluser AUTO

#### Optional - AUTHORIZED VO: auth URIauth ldap:// spider.usatlas.bnl.gov /ou=people,o=o=atlas,dc=ppdg-datagrid,dc=org#### Optional - ACL: deny|allow pattern_to_matchallow *INFN*

#### Optional - GRID-MAPFILE-LOCAL #gmf_local /opt/edg/etc/grid-mapfile-local

April 21, 2023

Grid-mapfile generated….

#---The following Users are added on Wed Jun 25 12:30:18 EDT 2003----------#

"/O=doesciencegrid.org/OU=People/CN=Dantong Yu 542086" dtyu

"/O=doesciencegrid.org/OU=People/CN=Edward May 948970" enm

"/O=doesciencegrid.org/OU=People/CN=Jason A. Smith 690157" smithj4

"/O=doesciencegrid.org/OU=People/CN=Patrick T. McGuigan 843935" grid_a

"/O=doesciencegrid.org/OU=People/CN=Richard Baker 450963" rbaker

"/O=doesciencegrid.org/OU=People/CN=Robert W. Gardner Jr 663988" rwg

#--Above Users added on Wed Jun 25 12:30:18 EDT 2003-------#

April 21, 2023

Current Status

The First Stage Development Is Completed

• Available to Be Downloaded at: http://www.atlasgrid.bnl.gov/testbed/ACF-cache/mkgridmap

• Ready to Run, Detailed Man Page

April 21, 2023

CharacteristicsTractable, Flexible

Easy Installation and Management, after you do the RPM installation and setup your local configuration, the remain part will be automatically done by the software package

Cron Mode to run the script to generate the new gridmap and add them into your original grid-mapfile

The VO server could control who can access the VO server. The site has to register with the VO server.

The registration process is automatically done by the rpm installation script. It mail out the site host certificate to the VO administrator. ( Dantong is volunteer to act as the administrator)

Support GSI, every site which wants to download the VO information must has a host certificate, this host certificate is used to mutually authenticate with the VO server