On Fri, 6 Jun 2008, Alvaro Simon Garcia wrote:
> Dear all,
>
> Since we had installed a new lcg-CE 3.1 with VOMS DN we found in
> /var/log/globus-gatekeeper.log a lot of entries for some VO users (not
> all) like this:
>
>
> LCAS 0:
> LCAS 1: Initialization LCAS version 1.3.7
> allowing empty credentials
> LCAS 2: LCAS authorization request
> LCAS 0: lcas_userban.mod-plugin_confirm_authorization():
> checking banned users in /opt/glite/etc/lcas/ban_users.db
> LCAS 0:
> lcas_plugin_voms-plugin_confirm_authorization_from_x509(): Generic
> verification error for VOMS (failure): AC not yet (or not anymore) valid.
There you have it: the user proxy contained expired VOMS extensions.
The plain grid proxy lifetime can be as long as the lifetime of the user's
certificate, but the VOMS extension lifetime is limited by the VOMS server,
by default to 24 h.
|