The dcachesrm-gplazma.policy file controls how gPlazma authenticates users. This file is made up of three sections: switches, priorities and options. It should be correctly configured automatically for you for a typical WLHC grid site by dCacheConfigure.sh.

The switches section of dcachesrm-gplazma.policy enables or disables security authorisation mechanisms. There are currently four mechanisms: saml-vo-mapping, kpwd, grid-mapfile and gplazmalite-vorole-mappping. We recommend switching on only gplazmalist-vorole-mapping: kpwd and grid-mapfile are to support legacy formats and saml-vo-mapping isn't useful for most WLCG sites.

saml-vo-mapping="OFF"
kpwd="OFF"
grid-mapfile="OFF"
gplazmalite-vorole-mapping="ON"

The priorities section of the dcachesrm-gplazma.policy file allows the order of authentication being tested. Since only a single authorisation mechanism is enabled, the priority values do not matter (provided they are legal) and the default configuration may be used.

The options section of the dcachesrm-gplazma.policy file specifies authorisation mechanism specific configuration, such as where auxillary files are located and whether extended verification is needed. Typically, a site may use the default values.