Hi,
I do not know if it is related to your problem, but also check
https://gus.fzk.de/ws/ticket_info.php?ticket=36587
and
https://gus.fzk.de/pages/ticket_details.php?ticket=37334
Cheers,
Christian Neissner wrote:
> Hi!
>
> Recently I installed a VOMS server (glite-VOMS_mysql-3.1.11-0) for a
> regional VO. I am also aware of bug #37372 and deployed the workaround.
> For testing I enabled a VO with two different groups, but creating a
> proxy from a UI the group request is ignored. I always get all
> attributes in the same order:
>
> $ voms-proxy-init -debug -voms vo.pic.es:/vo.pic.es/group02
> Detected Globus version: 22
> Unspecified proxy version, settling on Globus version: 2
> Number of bits in key :512
> Using configuration file <my_home>/.glite/vomses
> Using configuration file /opt/glite/etc/vomses
> Files being used:
> CA certificate file: none
> Trusted certificates directory : /etc/grid-security/certificates
> Proxy certificate file : <my_proxy_file>
> User certificate file: <my_home>/.globus/usercert.pem
> User key file: <my_home>/.globus/userkey.pem
> Output to <my_proxy_file>
> Enter GRID pass phrase:
> Your identity: <my_dn>
> Using configuration file <my_home>/.glite/vomses
> Using configuration file <my_home>/.glite/vomses
> Using configuration file /opt/glite/etc/vomses
> Using configuration file /opt/glite/etc/vomses
> Using configuration file <my_home>/.glite/vomses
> Using configuration file /opt/glite/etc/vomses
> Creating temporary proxy to <my_tmp_proxy> .++++++++++++
> ...........++++++++++++
> Done
> Contacting voms01.pic.es:15001
> [/DC=es/DC=irisgrid/O=pic/CN=voms01.pic.es] "vo.pic.es" Done
> Creating proxy to <my_proxy_file> ...........++++++++++++
> .....++++++++++++
> Done
> Your proxy is valid until Thu Jul 24 03:09:17 2008
>
> [neissner@ui03 ~]$ voms-proxy-info -all
> WARNING: Unable to verify signature! Server certificate possibly not
> installed.
> Error: Unable to determine hostname from AC.
> subject : <my_dn>/CN=proxy
> issuer : <my_dn>
> identity : <my_dn>
> type : proxy
> strength : 512 bits
> path : <my_proxy_file>
> timeleft : 11:53:44
> === VO vo.pic.es extension information ===
> VO : vo.pic.es
> subject : <my_dn>
> issuer : /DC=es/DC=irisgrid/O=pic/CN=voms01.pic.es
> attribute : /vo.pic.es
> attribute : /vo.pic.es/group01
> attribute : /vo.pic.es/group02
> timeleft : 11:53:44
>
> Shouldn't the order of the attributes be changed to put the requested
> group at the first position? The given error from voms-proxy-init I
> understand neither. The host certificate of the VOMS server is installed
> on the UI:
>
> $ openssl x509 -in /etc/grid-security/vomsdir/voms01.pic.es -noout
> -subject -dates
> subject= /DC=es/DC=irisgrid/O=pic/CN=voms01.pic.es
> notBefore=Jun 30 12:29:05 2008 GMT
> notAfter=Jun 30 12:29:05 2009 GMT
>
> Thanks in advance,
> Christian.
>
--
============================================================================
Dimitris Zilaskos
GridAUTH Operations Centre @ Aristotle University of Thessaloniki , Greece
Tel: +302310998988 Fax: +302310994309
http://www.grid.auth.gr
============================================================================
|