Hi Alvaro,
Check the
voms-proxy-info -all
output: with VOMS there are TWO lifetimes: the proxy lifetime and the
lifetime of the VOMS credentials. It could be that the clock on your CE (or
the machine where you generated the proxy) is out of sync.
cheers,
JJK / Jan Just Keijser
Nikhef Amsterdam
Alvaro Simon Garcia wrote:
> Dear all,
>
> Since we installed a new lcg-CE 3.1 with VOMS DN, we have found in
> /var/log/globus-gatekeeper.log a lot of entries for some VO users (not
> all) like this:
>
>
> LCAS 0:
> LCAS 1: Initialization LCAS version 1.3.7
> allowing empty credentials
> LCAS 2: LCAS authorization request
> LCAS 0: lcas_userban.mod-plugin_confirm_authorization():
> checking banned users in /opt/glite/etc/lcas/ban_users.db
> LCAS 0:
> lcas_plugin_voms-plugin_confirm_authorization_from_x509(): Generic
> verification error for VOMS (failure): AC not yet (or not anymore) valid.
> LCAS 0: 2008-06-06.09:13:35 :
> lcas_plugin_voms-plugin_confirm_authorization_from_x509(): voms plugin
> failed
> LCAS 0: lcas.mod-lcas_run_va(): authorization failed for plugin
> /opt/glite/lib/modules/lcas_voms.mod
> LCAS 0: lcas.mod-lcas_run_va(): failed
> TIME: Fri Jun 6 09:18:10 2008
> PID: 2463 -- Notice: 6: Got connection 85.142.10.36 at Fri Jun 6
> 09:18:10 2008
>
> In this case it is a biomed user, and in /etc/grid-security/vomsdir/biomed:
>
> >cat cclcgvomsli01.in2p3.fr.lsc
>
> /O=GRID-FR/C=FR/O=CNRS/OU=CC-LYON/CN=cclcgvomsli01.in2p3.fr
> /C=FR/O=CNRS/CN=GRID-FR
>
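The two lifetimes mentioned in the reply can be compared side by side; this is an added example, not part of the original thread. It parses `voms-proxy-info -all` output and lists which credential a verifier with a fast clock would already treat as expired. The sample output is constructed, its layout is an assumption, and `verifier_ahead_s` is a hypothetical parameter.

```python
import re

# Constructed sample of `voms-proxy-info -all` output. Assumed layout:
# "key : value" lines, with each VO section opened by an "=== VO ... ===" header.
SAMPLE = """\
subject   : /O=Example/CN=Constructed User/CN=proxy
issuer    : /O=Example/CN=Constructed User
timeleft  : 11:42:10
=== VO biomed extension information ===
VO        : biomed
issuer    : /O=GRID-FR/C=FR/O=CNRS/OU=CC-LYON/CN=cclcgvomsli01.in2p3.fr
attribute : /biomed/Role=NULL/Capability=NULL
timeleft  : 0:02:10
"""

VO_HEADER = re.compile(r"^=== VO (\S+) extension information ===$")
TIMELEFT = re.compile(r"^timeleft\s*:\s*(\d+):(\d{2}):(\d{2})$")


def lifetimes(text):
    """Return remaining seconds per credential: {"proxy": n, "<vo>": n, ...}."""
    section, result = "proxy", {}
    for line in text.splitlines():
        line = line.strip()
        header = VO_HEADER.match(line)
        if header:
            # Every timeleft line after this header belongs to the VOMS AC.
            section = header.group(1)
            continue
        left = TIMELEFT.match(line)
        if left:
            h, m, s = (int(x) for x in left.groups())
            result[section] = h * 3600 + m * 60 + s
    return result


def expired_on_verifier(text, verifier_ahead_s=0):
    """Credentials that a verifier (e.g. the CE) would see as expired.

    verifier_ahead_s: seconds the verifier's clock runs ahead of the
    machine that produced the output (hypothetical parameter).
    """
    return sorted(name for name, left in lifetimes(text).items()
                  if left - verifier_ahead_s <= 0)
```

With the constructed sample, a verifier running five minutes fast rejects the biomed AC while the proxy itself still has hours left.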