Hi *,
But consider the case when a user wants to continuously transfer data
from castorsrm (for example) to a local dcache storage just using lcg-cp
(not FTS) from the UI (for example, some of our local users just want to
use the grid for data transfers and the process it in the local farm).
Is this way there is no possibility to renew proxies and the VOMs limit
would be a real limitation. In there a workaround for this case?
Cheers
Goncalo
Antun Balaz wrote:
> Hi David,
>
> If the user mind to use WMS, everything will work perfectly, i.e. WMS will add
> VOMS attributes after the plain grid-proxy is received from MyProxy.
>
> For lcg-RB, proxy-renewal is not capable of this, but within the SEE-GRID
> project Valentin Vidic developed voms-renewd for lcg-RB which solves this
> problem. If you are interested, please let me know.
>
> Best regards, Antun
>
> -----
> Antun Balaz
> Research Assistant
> E-mail: [log in to unmask]
> Web: http://scl.phy.bg.ac.yu/
>
> Phone: +381 11 3713152
> Fax: +381 11 3162190
>
> Scientific Computing Laboratory
> Institute of Physics, Belgrade, Serbia
> -----
>
> ---------- Original Message -----------
> From: David Bouvet <[log in to unmask]>
> To: [log in to unmask]
> Sent: Wed, 25 Jul 2007 10:22:13 +0200
> Subject: Re: [LCG-ROLLOUT] Expiration time of a proxy before the end of job.
>
>
>> Hi Antun,
>>
>> MyProxy is not able to renew VOMS attributes, but only the basic
>> part of the proxy. So the user will still have the problem, if he
>> needs a VOMS role or group.
>>
>> Is the new version of MyProxy server (which can deal with VOMS
>> attributes) released ?
>>
>> Cheers,
>> David.
>>
>> Antun Balaz wrote:
>>
>>> Hi to all,
>>>
>>> This is certainly not a way to go! In order to increase the allowed lifetime
>>> of a VOMS proxy for EGEE VOs, the permission must be asked from Joint Security
>>> Policy Group (JSPG), since this is clearly related with the security issues
>>> (voms-proxies can be subjects of abuse; the longer their lifetime, the longer
>>> possible abuse).
>>>
>>> In fact, there is no need for increasing the maximal allowed lifetime of the
>>> proxy. MyProxy is designed to deal with this problem. So, a user should choose
>>> MyProxy server, store his/her credentials to it so that they can be used by
>>> RB/WMS used to renew user's proxy, and specify the MyProxyServer in JDL, like
>>> this:
>>>
>>> MyProxyServer = myproxy.domain.org;
>>>
>>> In order for this to work, the credential should be stored using a command
>>> like this:
>>>
>>> myproxy-init -s myproxy.domain.org -d -n -c 240
>>>
>>> This will store credentials on the myproxy.domain.org that will be valid for
>>> the next 240 hours, i.e. 10 days.
>>>
>>> What should be ensured is that MyProxyServer is configured to allow RB/WMS
>>> used by the user to renew certificates. If this is the case, there should be
>>> no problems.
>>>
>>> Best regards, Antun
>>>
>>> -----
>>> Antun Balaz
>>> Research Assistant
>>> E-mail: [log in to unmask]
>>> Web: http://scl.phy.bg.ac.yu/
>>>
>>> Phone: +381 11 3713152
>>> Fax: +381 11 3162190
>>>
>>> Scientific Computing Laboratory
>>> Institute of Physics, Belgrade, Serbia
>>> -----
>>>
>>> ---------- Original Message -----------
>>> From: Vincenzo Ciaschini <[log in to unmask]>
>>> To: [log in to unmask]
>>> Sent: Tue, 24 Jul 2007 18:04:45 +0200
>>> Subject: Re: [LCG-ROLLOUT] Expiration time of a proxy before the end of job.
>>>
>>>
>>>
>>>> Christoph Wissing wrote:
>>>>
>>>>
>>>>> Hi Sérgio,
>>>>>
>>>>> the VOMS extention of the proxy is limited by the VOMS server, 48h in your
>>>>>
>>>>>
>>> case what is the default.
>>>
>>>
>>>>> If you have access to the VOMS server you can it change here:
>>>>> /opt/glite/etc/voms/hone/voms.conf
>>>>> the important line is the one "--timeout=NNNNN", where NNNNN is the
>>>>>
>>>>>
>>> maximum VOMS lifetime of the VOMS.
>>>
>>>
>>>>> Note that the VOMS service needs to be restarted, if I remember correctly.
>>>>>
>>>>>
>>>> No, there is no need to restart the server. A simple kill -HUP
>>>> <higher voms pid> is sufficient to make it reread the configuration
>>>> and apply all changes except port number changes.
>>>>
>>>> Ciao,
>>>> Vincenzo
>>>>
>>>>
>>> ------- End of Original Message -------
>>>
>>>
>>>
>>>
>> --
>> *David BOUVET*
>> /EGEE Project team/
>> IN2P3/CNRS Computing Centre - Lyon (FRANCE)
>> http://grid.in2p3.fr
>> Tel. : +33 4 72 69 41 62 | Fax. : +33 4 72 69 41 70 | e-mail :
>> [log in to unmask]
>>
> ------- End of Original Message -------
>
|