Hi Antun,
They want to transfer several files during 2 or 3 days and it would be
easier for them just to start one proxy at the beginning.
Renewing proxies on a daily basis just means a little bit more work...
Instead of transferring everything as a single set, they have to divide
it in several sets and check if the transfer time of each one of the
sets doesn't exceed 24h. Obviosuly, it's feasible!
Cheers
Goncalo
Antun Balaz wrote:
> Hi Goncalo,
>
> What continuously mean? If it means continuous submission of individual file
> transfer commands (each of which does not last more than, say, 23 hours, to be
> on the safe side), then there are no problems - the user just has to create
> the new voms-proxy from time to time...
>
> Regards, Antun
>
> -----
> Antun Balaz
> Research Assistant
> E-mail: [log in to unmask]
> Web: http://scl.phy.bg.ac.yu/
>
> Phone: +381 11 3713152
> Fax: +381 11 3162190
>
> Scientific Computing Laboratory
> Institute of Physics, Belgrade, Serbia
> -----
>
> ---------- Original Message -----------
> From: Gonçalo Borges <[log in to unmask]>
> To: [log in to unmask]
> Sent: Wed, 25 Jul 2007 10:47:40 +0100
> Subject: Re: [LCG-ROLLOUT] Expiration time of a proxy before the end of job.
>
>
>> Hi *,
>>
>> But consider the case when a user wants to continuously transfer
>> data from castorsrm (for example) to a local dcache storage just
>> using lcg-cp
>> (not FTS) from the UI (for example, some of our local users just
>> want to use the grid for data transfers and the process it in the
>> local farm). Is this way there is no possibility to renew proxies
>> and the VOMs limit would be a real limitation. In there a workaround
>> for this case?
>>
>> Cheers
>> Goncalo
>>
>> Antun Balaz wrote:
>>
>>> Hi David,
>>>
>>> If the user mind to use WMS, everything will work perfectly, i.e. WMS will add
>>> VOMS attributes after the plain grid-proxy is received from MyProxy.
>>>
>>> For lcg-RB, proxy-renewal is not capable of this, but within the SEE-GRID
>>> project Valentin Vidic developed voms-renewd for lcg-RB which solves this
>>> problem. If you are interested, please let me know.
>>>
>>> Best regards, Antun
>>>
>>> -----
>>> Antun Balaz
>>> Research Assistant
>>> E-mail: [log in to unmask]
>>> Web: http://scl.phy.bg.ac.yu/
>>>
>>> Phone: +381 11 3713152
>>> Fax: +381 11 3162190
>>>
>>> Scientific Computing Laboratory
>>> Institute of Physics, Belgrade, Serbia
>>> -----
>>>
>>> ---------- Original Message -----------
>>> From: David Bouvet <[log in to unmask]>
>>> To: [log in to unmask]
>>> Sent: Wed, 25 Jul 2007 10:22:13 +0200
>>> Subject: Re: [LCG-ROLLOUT] Expiration time of a proxy before the end of job.
>>>
>>>
>>>
>>>> Hi Antun,
>>>>
>>>> MyProxy is not able to renew VOMS attributes, but only the basic
>>>> part of the proxy. So the user will still have the problem, if he
>>>> needs a VOMS role or group.
>>>>
>>>> Is the new version of MyProxy server (which can deal with VOMS
>>>> attributes) released ?
>>>>
>>>> Cheers,
>>>> David.
>>>>
>>>> Antun Balaz wrote:
>>>>
>>>>
>>>>> Hi to all,
>>>>>
>>>>> This is certainly not a way to go! In order to increase the allowed lifetime
>>>>> of a VOMS proxy for EGEE VOs, the permission must be asked from Joint
>>>>>
> Security
>
>>>>> Policy Group (JSPG), since this is clearly related with the security issues
>>>>> (voms-proxies can be subjects of abuse; the longer their lifetime, the
>>>>>
> longer
>
>>>>> possible abuse).
>>>>>
>>>>> In fact, there is no need for increasing the maximal allowed lifetime of the
>>>>> proxy. MyProxy is designed to deal with this problem. So, a user should
>>>>>
> choose
>
>>>>> MyProxy server, store his/her credentials to it so that they can be used by
>>>>> RB/WMS used to renew user's proxy, and specify the MyProxyServer in JDL,
>>>>>
> like
>
>>>>> this:
>>>>>
>>>>> MyProxyServer = myproxy.domain.org;
>>>>>
>>>>> In order for this to work, the credential should be stored using a command
>>>>> like this:
>>>>>
>>>>> myproxy-init -s myproxy.domain.org -d -n -c 240
>>>>>
>>>>> This will store credentials on the myproxy.domain.org that will be valid for
>>>>> the next 240 hours, i.e. 10 days.
>>>>>
>>>>> What should be ensured is that MyProxyServer is configured to allow RB/WMS
>>>>> used by the user to renew certificates. If this is the case, there should be
>>>>> no problems.
>>>>>
>>>>> Best regards, Antun
>>>>>
>>>>> -----
>>>>> Antun Balaz
>>>>> Research Assistant
>>>>> E-mail: [log in to unmask]
>>>>> Web: http://scl.phy.bg.ac.yu/
>>>>>
>>>>> Phone: +381 11 3713152
>>>>> Fax: +381 11 3162190
>>>>>
>>>>> Scientific Computing Laboratory
>>>>> Institute of Physics, Belgrade, Serbia
>>>>> -----
>>>>>
>>>>> ---------- Original Message -----------
>>>>> From: Vincenzo Ciaschini <[log in to unmask]>
>>>>> To: [log in to unmask]
>>>>> Sent: Tue, 24 Jul 2007 18:04:45 +0200
>>>>> Subject: Re: [LCG-ROLLOUT] Expiration time of a proxy before the end of job.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>> Christoph Wissing wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>> Hi Sérgio,
>>>>>>>
>>>>>>> the VOMS extention of the proxy is limited by the VOMS server, 48h in your
>>>>>>>
>>>>>>>
>>>>>>>
>>>>> case what is the default.
>>>>>
>>>>>
>>>>>
>>>>>>> If you have access to the VOMS server you can it change here:
>>>>>>> /opt/glite/etc/voms/hone/voms.conf
>>>>>>> the important line is the one "--timeout=NNNNN", where NNNNN is the
>>>>>>>
>>>>>>>
>>>>>>>
>>>>> maximum VOMS lifetime of the VOMS.
>>>>>
>>>>>
>>>>>
>>>>>>> Note that the VOMS service needs to be restarted, if I remember correctly.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> No, there is no need to restart the server. A simple kill -HUP
>>>>>> <higher voms pid> is sufficient to make it reread the configuration
>>>>>> and apply all changes except port number changes.
>>>>>>
>>>>>> Ciao,
>>>>>> Vincenzo
>>>>>>
>>>>>>
>>>>>>
>>>>> ------- End of Original Message -------
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>> --
>>>> *David BOUVET*
>>>> /EGEE Project team/
>>>> IN2P3/CNRS Computing Centre - Lyon (FRANCE)
>>>> http://grid.in2p3.fr
>>>> Tel. : +33 4 72 69 41 62 | Fax. : +33 4 72 69 41 70 | e-mail :
>>>> [log in to unmask]
>>>>
>>>>
>>> ------- End of Original Message -------
>>>
>>>
> ------- End of Original Message -------
>
|