Hi *,
I don't understand why we are trying to reinvent the wheel !!
there is almost at least one service designed for each task.
e.g for Long Transfers there is FTS.
I don't see the point why the user insists to use lcg-cp
it sounds to me that we are asking a fiat panda to transfer the load
of a 10 Tone Truck.
I agree that we should keep it as simple as possible but we need to
keep it safe also.
Cheers,
K.
On 25 Ιουλ 2007, at 12:47 ΜΜ, Gonçalo Borges wrote:
> Hi *,
>
> But consider the case when a user wants to continuously transfer
> data from castorsrm (for example) to a local dcache storage just
> using lcg-cp (not FTS) from the UI (for example, some of our local
> users just want to use the grid for data transfers and the process
> it in the local farm). Is this way there is no possibility to renew
> proxies and the VOMs limit would be a real limitation. In there a
> workaround for this case?
>
> Cheers
> Goncalo
>
>
> Antun Balaz wrote:
>> Hi David,
>>
>> If the user mind to use WMS, everything will work perfectly, i.e.
>> WMS will add
>> VOMS attributes after the plain grid-proxy is received from MyProxy.
>>
>> For lcg-RB, proxy-renewal is not capable of this, but within the
>> SEE-GRID
>> project Valentin Vidic developed voms-renewd for lcg-RB which
>> solves this
>> problem. If you are interested, please let me know.
>>
>> Best regards, Antun
>>
>> -----
>> Antun Balaz
>> Research Assistant
>> E-mail: [log in to unmask]
>> Web: http://scl.phy.bg.ac.yu/
>>
>> Phone: +381 11 3713152
>> Fax: +381 11 3162190
>>
>> Scientific Computing Laboratory
>> Institute of Physics, Belgrade, Serbia
>> -----
>>
>> ---------- Original Message -----------
>> From: David Bouvet <[log in to unmask]>
>> To: [log in to unmask]
>> Sent: Wed, 25 Jul 2007 10:22:13 +0200
>> Subject: Re: [LCG-ROLLOUT] Expiration time of a proxy before the
>> end of job.
>>
>>
>>> Hi Antun,
>>>
>>> MyProxy is not able to renew VOMS attributes, but only the basic
>>> part of the proxy. So the user will still have the problem, if he
>>> needs a VOMS role or group.
>>>
>>> Is the new version of MyProxy server (which can deal with VOMS
>>> attributes) released ?
>>>
>>> Cheers,
>>> David.
>>>
>>> Antun Balaz wrote:
>>>
>>>> Hi to all,
>>>>
>>>> This is certainly not a way to go! In order to increase the
>>>> allowed lifetime
>>>> of a VOMS proxy for EGEE VOs, the permission must be asked from
>>>> Joint Security
>>>> Policy Group (JSPG), since this is clearly related with the
>>>> security issues
>>>> (voms-proxies can be subjects of abuse; the longer their
>>>> lifetime, the longer
>>>> possible abuse).
>>>>
>>>> In fact, there is no need for increasing the maximal allowed
>>>> lifetime of the
>>>> proxy. MyProxy is designed to deal with this problem. So, a user
>>>> should choose
>>>> MyProxy server, store his/her credentials to it so that they can
>>>> be used by
>>>> RB/WMS used to renew user's proxy, and specify the MyProxyServer
>>>> in JDL, like
>>>> this:
>>>>
>>>> MyProxyServer = myproxy.domain.org;
>>>>
>>>> In order for this to work, the credential should be stored using
>>>> a command
>>>> like this:
>>>>
>>>> myproxy-init -s myproxy.domain.org -d -n -c 240
>>>>
>>>> This will store credentials on the myproxy.domain.org that will
>>>> be valid for
>>>> the next 240 hours, i.e. 10 days.
>>>>
>>>> What should be ensured is that MyProxyServer is configured to
>>>> allow RB/WMS
>>>> used by the user to renew certificates. If this is the case,
>>>> there should be
>>>> no problems.
>>>>
>>>> Best regards, Antun
>>>>
>>>> -----
>>>> Antun Balaz
>>>> Research Assistant
>>>> E-mail: [log in to unmask]
>>>> Web: http://scl.phy.bg.ac.yu/
>>>>
>>>> Phone: +381 11 3713152
>>>> Fax: +381 11 3162190
>>>>
>>>> Scientific Computing Laboratory
>>>> Institute of Physics, Belgrade, Serbia
>>>> -----
>>>>
>>>> ---------- Original Message -----------
>>>> From: Vincenzo Ciaschini <[log in to unmask]>
>>>> To: [log in to unmask]
>>>> Sent: Tue, 24 Jul 2007 18:04:45 +0200
>>>> Subject: Re: [LCG-ROLLOUT] Expiration time of a proxy before the
>>>> end of job.
>>>>
>>>>
>>>>> Christoph Wissing wrote:
>>>>>
>>>>>> Hi Sérgio,
>>>>>>
>>>>>> the VOMS extention of the proxy is limited by the VOMS server,
>>>>>> 48h in your
>>>>>>
>>>> case what is the default.
>>>>
>>>>>> If you have access to the VOMS server you can it change here:
>>>>>> /opt/glite/etc/voms/hone/voms.conf
>>>>>> the important line is the one "--timeout=NNNNN", where NNNNN
>>>>>> is the
>>>>>>
>>>> maximum VOMS lifetime of the VOMS.
>>>>
>>>>>> Note that the VOMS service needs to be restarted, if I
>>>>>> remember correctly.
>>>>>>
>>>>> No, there is no need to restart the server. A simple kill -HUP
>>>>> <higher voms pid> is sufficient to make it reread the
>>>>> configuration and apply all changes except port number changes.
>>>>>
>>>>> Ciao,
>>>>> Vincenzo
>>>>>
>>>> ------- End of Original Message -------
>>>>
>>>>
>>>>
>>>>
>>> --
>>> *David BOUVET*
>>> /EGEE Project team/
>>> IN2P3/CNRS Computing Centre - Lyon (FRANCE)
>>> http://grid.in2p3.fr
>>> Tel. : +33 4 72 69 41 62 | Fax. : +33 4 72 69 41 70 | e-mail :
>>> [log in to unmask]
>>>
>> ------- End of Original Message -------
>>
Koumantaros Kostas, MSc
Software Engineer / Grid Technologies
-------------------------------------------------
**Greek Research and Technology Network (GRNET)**
Mesogion Avenue 56, 4th Floor, Room 4.1.6
GR-11527, Ampelokipi, Athens, Greece
-------------------------------------------------
Tel.:+30 210 7474246
Mob.: +30 697 7606622
Fax.: +30 210 7474490
Skype: kkoumantaros
Email:[log in to unmask]
WWW: http://www.grnet.gr
|