Hi!
Recently I installed a VOMS server (glite-VOMS_mysql-3.1.11-0) for a
regional VO. I am also aware of bug #37372 and deployed the workaround.
For testing I enabled a VO with two different groups, but creating a
proxy from a UI the group request is ignored. I always get all
attributes in the same order:
$ voms-proxy-init -debug -voms vo.pic.es:/vo.pic.es/group02
Detected Globus version: 22
Unspecified proxy version, settling on Globus version: 2
Number of bits in key :512
Using configuration file <my_home>/.glite/vomses
Using configuration file /opt/glite/etc/vomses
Files being used:
CA certificate file: none
Trusted certificates directory : /etc/grid-security/certificates
Proxy certificate file : <my_proxy_file>
User certificate file: <my_home>/.globus/usercert.pem
User key file: <my_home>/.globus/userkey.pem
Output to <my_proxy_file>
Enter GRID pass phrase:
Your identity: <my_dn>
Using configuration file <my_home>/.glite/vomses
Using configuration file <my_home>/.glite/vomses
Using configuration file /opt/glite/etc/vomses
Using configuration file /opt/glite/etc/vomses
Using configuration file <my_home>/.glite/vomses
Using configuration file /opt/glite/etc/vomses
Creating temporary proxy to <my_tmp_proxy> .++++++++++++
...........++++++++++++
Done
Contacting voms01.pic.es:15001
[/DC=es/DC=irisgrid/O=pic/CN=voms01.pic.es] "vo.pic.es" Done
Creating proxy to <my_proxy_file> ...........++++++++++++
.....++++++++++++
Done
Your proxy is valid until Thu Jul 24 03:09:17 2008
[neissner@ui03 ~]$ voms-proxy-info -all
WARNING: Unable to verify signature! Server certificate possibly not
installed.
Error: Unable to determine hostname from AC.
subject : <my_dn>/CN=proxy
issuer : <my_dn>
identity : <my_dn>
type : proxy
strength : 512 bits
path : <my_proxy_file>
timeleft : 11:53:44
=== VO vo.pic.es extension information ===
VO : vo.pic.es
subject : <my_dn>
issuer : /DC=es/DC=irisgrid/O=pic/CN=voms01.pic.es
attribute : /vo.pic.es
attribute : /vo.pic.es/group01
attribute : /vo.pic.es/group02
timeleft : 11:53:44
Shouldn't the order of the attributes be changed to put the requested
group at the first position? The given error from voms-proxy-init I
understand neither. The host certificate of the VOMS server is installed
on the UI:
$ openssl x509 -in /etc/grid-security/vomsdir/voms01.pic.es -noout
-subject -dates
subject= /DC=es/DC=irisgrid/O=pic/CN=voms01.pic.es
notBefore=Jun 30 12:29:05 2008 GMT
notAfter=Jun 30 12:29:05 2009 GMT
Thanks in advance,
Christian.
|