NAME

gx-gen-mapfile - Generate a grid-mapfile


SYNOPSIS

gx-gen-mapfile -help

gx-gen-mapfile [options] [grid-mapfile]


DESCRIPTION

gx-gen-mapfile, part of the gx-map system, is the third of the three phases used to generate the Globus grid-mapfile.

gx-gen-mapfile is normally run from a cron job. It reads the requests.log file and generates a new grid-mapfile from scratch as needed. If no file names are specified, a grid-mapfile is written to stdout.


OPTIONS

Option processing is done using the Perl Getopt::Long module.

Options may be specified with a single or double leading '-' character. Option names may be abbreviated to whatever is unique. Arguments may be separated either by a blank or by an '=' character. For example, ``-foobar 42'', ``--foobar=42'', and ``-foob 42'' would all be equivalent.

-help
Display a usage message and exit.

-version
Display the software version number and exit.

-requests-log file
Use the specified requests log file. This option may be given multiple times, e.g., -req file1 -req file2

If not specified, use the default file, gx-map-data/requests.log, which may also be specified explicitly as -req default (the name ``default'' may not be abbreviated). It should not normally be necessary to use this option.

-permissions perm
Specify the permissions (in octal) of the generated grid-mapfile. The default is 444. The argument must be a 3-digit octal number; it should not allow untrusted users to modify the file. This is ignored if the grid-mapfile is written to stdout.

-gt2-compatible
Generate a grid-mapfile compatible with both GT2 and GT3/GT4. By default, the generated grid-mapfile is *not* compatible with GT2 for certain DNs.

GT2 used an older version of OpenSSL, which used different text representations of certain fields in DNs. The affected fields are:

    GT2: /USERID=... --> GT4: /UID=...
    GT2: /Email=... --> GT4: /emailAddress=...

The -gt2-compatible option causes duplicate entries to be generated for DNs containing these fields.

-gt3-compatible
Generate a grid-mapfile compatible with GT3 WS. The DNs differ from GT4-compatible DNs in that ``/emailAddress=...'' is represented as ``/E=...''.

The -gt3-compatible option causes duplicate entries to be generated for DNs containing this field.

Since GT3 has been superseded by GT4, this option is rarely useful.
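
An added example (not part of gx-map): a Python check that audits a grid-mapfile for the duplicate DN spellings described under -gt2-compatible and -gt3-compatible, flagging variants that are missing or mapped to a different account. It assumes the usual "DN" user[,user] line format and that all affected fields in a DN are converted together; the function names and sample data are constructed for illustration.

```python
import re

# Field spellings from the option descriptions above (GT4 form -> older form).
GT2_FIELDS = {"UID": "USERID", "emailAddress": "Email"}
GT3_FIELDS = {"emailAddress": "E"}

# Constructed sample grid-mapfile (not real data).
SAMPLE = '''\
# constructed sample
"/C=US/O=Example/CN=Alice Doe/UID=adoe" adoe
"/C=US/O=Example/CN=Alice Doe/USERID=adoe" adoe
"/C=US/O=Example/CN=Bob Roe/emailAddress=bob@example.org" broe
"/C=US/O=Example/CN=Bob Roe/Email=bob@example.org" guest
'''

def rewrite_dn(dn, fields):
    """Return dn with each /KEY= component renamed according to fields."""
    def swap(m):
        return "/" + fields.get(m.group(1), m.group(1)) + "="
    return re.sub(r"/([A-Za-z]+)=", swap, dn)

def dn_variants(dn, gt2=False, gt3=False):
    """GT4 spelling first, then any distinct GT2/GT3 spellings requested."""
    out = [dn]
    for enabled, fields in ((gt2, GT2_FIELDS), (gt3, GT3_FIELDS)):
        alt = rewrite_dn(dn, fields)
        if enabled and alt not in out:
            out.append(alt)
    return out

def parse_mapfile(text):
    """Parse '"DN" user1,user2' lines into {dn: [users]}; comments are skipped."""
    entries = {}
    for line in text.splitlines():
        m = re.match(r'\s*"([^"]+)"\s+(\S+)', line)
        if m:
            entries[m.group(1)] = m.group(2).split(",")
    return entries

def missing_variants(text, gt2=False, gt3=False):
    """Return (variant_dn, expected_users) pairs that are absent or mapped differently."""
    entries = parse_mapfile(text)
    problems = []
    for dn, users in entries.items():
        for alt in dn_variants(dn, gt2, gt3)[1:]:
            if entries.get(alt) != users:
                problems.append((alt, users))
    return problems

if __name__ == "__main__":
    for alt, users in missing_variants(SAMPLE, gt2=True, gt3=True):
        print("inconsistent or missing:", alt, "expected", ",".join(users))
```

In the constructed sample, the GT2 spelling of Bob Roe's DN maps to a different account than the GT4 spelling, which is the kind of mismatch this audit is meant to surface.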

-merge-before file
-merge-after file
Merge an existing grid-mapfile into the generated file. These options may be given multiple times, e.g.:
    -merge-before file1 -merge-before file2 -merge-after file3

Mappings from files specified with the -merge-before option are treated as if they were submitted in the past, so they'll be overridden by conflicting mappings from any request log files.

Mappings from files specified with the -merge-after option are treated as if they were submitted in the future (one hour after the current time, to avoid clock skew problems), so they'll override conflicting mappings from any request log files.

Since the gx-map system is designed to have complete control over the grid-mapfile, the -merge-before and -merge-after options allow other mechanisms to be used along with gx-map. For example, if a site automatically issues certificates for all users, an external process might maintain a grid-mapfile containing all those entries. Using these options allows this information to be integrated into the grid-mapfile, while also allowing users to add mappings for other certificates using gx-request. (Another option is to create a separate tool that invokes gx-request automatically; for example, this is done at SDSC for certificates issued by the NPACI and SDSC CAs, using the gx-check-index command.)

-[no]multiple-users
By default, the generated grid-mapfile may map a single DN to multiple account names. With -nomultiple-users, all user names after the default one are commented out.

-all
Include entries for accounts that don't exist on this system. This is not normally recommended, since it makes the grid-mapfile bigger than it needs to be, but it can be useful for testing purposes to see all the mappings that gx-map knows about.

-real-name
Include each user's real name (extracted from /etc/passwd or equivalent) as a comment on the corresponding grid-mapfile entry.

-[no]rcs
Check generated grid-mapfile(s) into RCS. The RCS subdirectory is created if necessary. The default is -rcs; use -norcs to disable this option. The file checked into RCS will have a ``.rcs'' suffix appended to its name. This has no effect if the grid-mapfile is written to stdout.

-force
Force an update regardless of the timestamps of the input and output files. Normally the grid-mapfile is not re-generated if it is newer than any of its input files (/etc/passwd, requests.log). (gx-gen-mapfile also checks the last modification time of a .update file in the new-requests directory; the command gx-request update will force an update to this file.)

-prerequisite file
Causes the specified file to be treated as a prerequisite in determining whether the grid-mapfile needs to be regenerated. The file is not processed other than to check its timestamp. This option may be given multiple times.


SEE ALSO

gx-map(7), gx-request(1), gx-check-requests(8), gx-map-security(7), gx-check-index(8)


AUTHOR

Keith Thompson, San Diego Supercomputer Center, <kst@sdsc.edu>


COPYRIGHT AND LICENSE

See the file LICENSE in the gx-map distribution, installed in the etc/gx-map subdirectory.