Hi Jonathan,
Maybe you could try Mingchao's suggestion. If this doesn't work for you or causes problems in some way, then I'll add the WMS to the list of trusted servers on the MyProxy server.
Regards,
Andrew.
-----Original Message-----
From: Testbed Support for GridPP member institutes [mailto:[log in to unmask]] On Behalf Of Mingchao Ma
Sent: 31 October 2011 15:00
To: [log in to unmask]
Subject: Re: proxy delegation
> I can add it, but I need the DN of the machine. Do you happen to know what
> it is?
I will be cautious to add the DN to the myproxy server.
There is another way to do it.
The -R argument to
myproxy-init configures the credential for renewal by the specified
service. Renewal requires two
authentications. The renewing service must authenticate with its own
credentials, matching the dis-
tinquished name specified by the -R argument, and must also
authenticate with an existing credential
that matches the distinguished name of the stored credential, to
retrieve a new credential.
So instead of add a new DN to the myproxy server, whenever one uses
myproxy-init one can tell the myproxy server which service(serve's DN) can
renew your proxy for you if the server is not on the list of trusted server of
myproxy server. The list of trusted server is configured by system admin.
And also, the -c argument to myproxy-init will allow you to specify the
lifetime of the credential stored on the server
-c hours, --cred_lifetime hours
Specifies the lifetime of the credential stored on the
myproxy-server(8) in hours. Specify 0
for the maximum possible lifetime, i.e., the lifetime of the
original credential. Default: 1
week (168 hours)
please check man myproxy-init for more information
Cheers,
Mingchao
|