Hi Antun,
MyProxy is not able to renew VOMS attributes, but only the basic part of
the proxy. So the user will still have the problem, if he needs a VOMS
role or group.
Is the new version of MyProxy server (which can deal with VOMS
attributes) released?
Cheers,
David.
Antun Balaz wrote:
> Hi to all,
>
> This is certainly not a way to go! In order to increase the allowed lifetime
> of a VOMS proxy for EGEE VOs, the permission must be asked from Joint Security
> Policy Group (JSPG), since this is clearly related to security issues
> (voms-proxies can be subjects of abuse; the longer their lifetime, the longer
> possible abuse).
>
> In fact, there is no need for increasing the maximal allowed lifetime of the
> proxy. MyProxy is designed to deal with this problem. So, a user should choose
> MyProxy server, store his/her credentials to it so that they can be used by
> RB/WMS used to renew user's proxy, and specify the MyProxyServer in JDL, like
> this:
>
> MyProxyServer = myproxy.domain.org;
>
> In order for this to work, the credential should be stored using a command
> like this:
>
> myproxy-init -s myproxy.domain.org -d -n -c 240
>
> This will store credentials on the myproxy.domain.org that will be valid for
> the next 240 hours, i.e. 10 days.
>
> What should be ensured is that MyProxyServer is configured to allow RB/WMS
> used by the user to renew certificates. If this is the case, there should be
> no problems.
>
> Best regards, Antun
>
> -----
> Antun Balaz
> Research Assistant
> Web: http://scl.phy.bg.ac.yu/
>
> Phone: +381 11 3713152
> Fax: +381 11 3162190
>
> Scientific Computing Laboratory
> Institute of Physics, Belgrade, Serbia
> -----
>
> ---------- Original Message -----------
> From: Vincenzo Ciaschini
> Sent: Tue, 24 Jul 2007 18:04:45 +0200
> Subject: Re: [LCG-ROLLOUT] Expiration time of a proxy before the end of job.
>
>
>> Christoph Wissing wrote:
>>
>>> Hi Sérgio,
>>>
>>> the VOMS extension of the proxy is limited by the VOMS server, 48h in your
>>> case, which is the default.
>>>
>>> If you have access to the VOMS server you can change it here:
>>> /opt/glite/etc/voms/hone/voms.conf
>>> the important line is the one "--timeout=NNNNN", where NNNNN is the
>>> maximum VOMS lifetime of the VOMS.
>>>
>>> Note that the VOMS service needs to be restarted, if I remember correctly.
>>>
>> No, there is no need to restart the server. A simple kill -HUP
>> <higher voms pid> is sufficient to make it reread the configuration
>> and apply all changes except port number changes.
>>
>> Ciao,
>> Vincenzo
>>
> ------- End of Original Message -------
>
>
>
--
*David BOUVET*
/EGEE Project team/
IN2P3/CNRS Computing Centre - Lyon (FRANCE)
http://grid.in2p3.fr
Tel. : +33 4 72 69 41 62 | Fax. : +33 4 72 69 41 70