Testbed Support for GridPP member institutes [mailto:TB-
> [log in to unmask]] On Behalf Of Christopher J.Walker said:
> What's the point of the --voms command if it isn't going to work?
It does work - it creates a proxy with voms credentials and stores it. However the maximum lifetime of those credentials is (normally) 24 hours, so after that if you retrieve the proxy they'll be expired, as you discovered. You can of course always renew them at that point just by contacting the voms server again - myproxy can do that for you as the cert is retrieved or you can do it yourself, but for it to happen inside a service it needs to be supported by the service.
What the WMS proxy renewal service does that goes beyond that, and what I thought the FTS was supposed to do, is read the voms credentials and work out for itself what voms server(s) to contact and what attributes to request to renew them, so it can renew any proxy without specifically needing to be told which VO, which roles etc. As far as I know myproxy doesn't do that. (The WMS also has to actively push the renewed proxy to the job, but the FTS wouldn't need that.)
Stephen
|