On 14/12/11 14:50, Steve Traylen wrote:
> On Dec 14, 2011, at 3:37 PM, John Gordon wrote:
>
>> Steve, are you also adding the entries for people who haven't yet renewed their certs?
>
> Yes.
>
> To be precise it's the people in the DB with a "CN=UK e-Science CA" who have not already added their 2B selves
> already. The other dates such as the AUP signing date (valid for one year) are associated with the user rather
> than the individual CA identity.
>
> So e.g if their "UK e-Science CA" is suspended because they have not signed the AUP recently enough then
> there "2B" will be in the same state. They can use either identity now to sign the AUP at any point which will be on
> both of themselves.
>
> Members can at their leisure switch their primary certificate to be "2B" and delete their old selves but other than for
> the purposes of removing junk this is irrelevant if their old selves remain..
>
> Maybe that makes sense.
>
I've just hit what sounds like the same problem with the gridpp voms
server.
I now have a 2B certificate.
voms-proxy-init --voms snoplus.snolab.ca works fine.
If I look at:
https://voms.gridpp.ac.uk:8443/voms/snoplus.snolab.ca/register/start.action
There are things I can't see, and if I try to remove the pilot role from
myself, I have Insufficient privileges.
I can however see that the privileges were granted with the old CA.
Is there something that can/should be done to the VOMS server -
presumably I won't be the only one hitting this.
Chris
|