Edit the dcache.kpwd file on dcache-head.unl.edu

While gPlazma should allow all VO users to utilize the site storage, Nebraska still uses the flat-file dcache.kpwd in order to save the network-overhead call for our top users.  Because the top 5 users cause about 95% of the authentication requests, this is a useful optimization.

The dcache.kpwd file uses a funny schema; it's best to ask the experts.  Here is an example:

version 2.1

# the following are the user auth records

mapping "/DC=org/DC=doegrids/OU=People/CN=Brian Bockelman 504307" brian
mapping "/DC=org/DC=doegrids/OU=People/CN=Carl Lundstedt 229191" uscms01
mapping "/DC=org/DC=doegrids/OU=People/CN=Joel M. Snow 647405" dzero
mapping "/DC=org/DC=doegrids/OU=Services/CN=sam/d0srv047.fnal.gov" dzero
mapping "/DC=org/DC=doegrids/OU=People/CN=Ajit Kumar Mohapatra 867118" cmsprod
mapping "/DC=org/DC=doegrids/OU=People/CN=Yujun Wu 167397" uscms01
mapping "/DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=teodoro/CN=664016/CN=Douglas Teodoro" uscms01
mapping "/C=TW/O=NCU/OU=PHYS/CN=Chia-Ming Kuo/E=cmingkuo@pchep.phy.ncu.edu.tw" uscms01
mapping "/C=TW/O=NCU/OU=PHYS/CN=Chia-Ming Kuo/EMAILADDRESS=cmingkuo@pchep.phy.ncu.edu.tw" uscms01
mapping "/DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=magini/CN=577890/CN=Nicolo Magini" uscms01
mapping "/DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=asciaba/CN=430796/CN=Andrea Sciaba" uscms01
mapping "/DC=org/DC=doegrids/OU=People/CN=Frank Wuerthwein 699373" uscmsPool1182
mapping "/DC=org/DC=doegrids/OU=People/CN=Alexander Sim 546622" osg
mapping "/DC=org/DC=doegrids/OU=People/CN=Alexander Moibenko 406906" osg

# the following are the user auth records
login brian read-write 1411 1411 / / /
 /DC=org/DC=doegrids/OU=People/CN=Brian Bockelman 504307

login uscms01 read-write 1410 1410 / /pnfs/unl.edu/data4 /pnfs/unl.edu/data4
 /DC=org/DC=doegrids/OU=People/CN=Carl Lundstedt 229191
 /DC=org/DC=doegrids/OU=People/CN=Yujun Wu 167397
 /DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=teodoro/CN=664016/CN=Douglas Teodoro
 /C=TW/O=NCU/OU=PHYS/CN=Chia-Ming Kuo/E=cmingkuo@pchep.phy.ncu.edu.tw
 /C=TW/O=NCU/OU=PHYS/CN=Chia-Ming Kuo/EMAILADDRESS=cmingkuo@pchep.phy.ncu.edu.tw
 /DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=asciaba/CN=430796/CN=Andrea Sciaba
 /DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=magini/CN=577890/CN=Nicolo Magini

login dzero read-write 1440 1440 / /pnfs/unl.edu/data4/dzero /pnfs/unl.edu/data4/dzero
 /DC=org/DC=doegrids/OU=People/CN=Joel M. Snow 647405
 /DC=org/DC=doegrids/OU=Services/CN=sam/d0srv047.fnal.gov

login cmsprod read-write 1396 1396 / /pnfs/unl.edu/data4/cms/store /pnfs/unl.edu/data4/cms/store
 /DC=org/DC=doegrids/OU=People/CN=Ajit Kumar Mohapatra 867118

login uscmsPool1182 read-write 2593 2593 / /pnfs/unl.edu/data4 /pnfs/unl.edu/data4
 /DC=org/DC=doegrids/OU=People/CN=Frank Wuerthwein 699373

login osg read-write 1403 1403 / /pnfs/unl.edu/ /pnfs/unl.edu/
/DC=org/DC=doegrids/OU=People/CN=Alexander Sim 546622
/DC=org/DC=doegrids/OU=People/CN=Alexander Moibenko 406906

Things which have caused problems previously at the site; make sure you get them right:

• Each new user requires two new lines: a mapping line, and a login line.
• The mapping line has the following format:
  

  mapping "<user DN>" <Unix username>

• The login line has the following format:
  

  login <username> read|read-write <uid> <gid> / <root> <root>
  <List of user DNs, one per line>

  There should be one login entry per username.
  
• People usually make a mistake when editing this file; it does not get validated at system startup.  Hence, all changes must be tested.
  
• The file allows you to set where a user's root directory is (a FTP artifact, really).  Make sure this syncs up with the gPlazma settings.
• The "login" entries require a blank line afterward otherwise the file silently parses incorrectly.

Copy the file to the dCache nodes

./dcache-scp /opt/d-cache/etc/dcache.kpwd /opt/d-cache/etc/dcache.kpwd