Hi all,

We’re about to bring our new EOS storage to production, for a new T2 site installation (in Vienna).
I’m struggling a bit with the correct authentication setup:

I have in place a gridmap file that will map my user certificate correctly to a unix user, but I understand this is not the correct way for the whole grid setup. What is the correct way to map certificates from production transfers? (I know of LCMAPS, do we need to implement this for EOS too?) - I understand the mapping has to be done on a VO to unix user level. I was unable to find any reference documentation for this. Would anybody be willing to share example configs?

We need to set this up for Alice, Belle and CMS experiments.

For CMS I also found this document: https://twiki.cern.ch/twiki/bin/viewauth/CMS/DMWMPG_Namespace
describing the namespace / directory hierarchy required - do we need to pre-create this, or will this be done automatically by incoming grid transfers?

Also, for CMS there is the SITECONFIG that defines the mapping from “logical file name” to “physical file name” on the actual storage system. Will such mappings have to be announced in a similar fashion for Belle and Alice?

Best,
Erich

As we figured out, all of this is done using the vid -map voms [...] set of commands.
It can basically do all of grid-mapfile and LCMAPS together, i.e.

voms:"/belle:":gid => role.grid.belle.pool
voms:"/belle:":uid => grid.belle.pool001
voms:"/belle:lcgadmin":uid => grid.belle.prod
voms:"/belle:production":uid => grid.belle.prod
voms:"/cms:":gid => role.grid.cms.pool
voms:"/cms:":uid => grid.cms.pool001
voms:"/cms:lcgadmin":uid => grid.cms.prod
voms:"/cms:production":uid => grid.cms.prod

that way we map various roles from both VOs cms and belle to different uids and gids.