Hi,
This is for your information:
We've been trying out EMI 3 Argus here at Liverpool. Unfortunately, we
had a security problem.
After running YAIM, the file, /etc/argus/pap/pap_authorization.ini,
contained only these lines, with emailAddress
(in lower case):
:-----------------------------------------------------
[dn]
"[log in to unmask]"
: ALL
"[log in to unmask]"
: ALL
[fqan]
:-----------------------------------------------------
Yet it was trying to match a certificate DN that had the field set to
"[log in to unmask]", i.e.
upper case. For now, we worked around it by putting upper case versions
of the DNs in the pap_authorization.ini file,
but it should be fixed more systemically.
Cheers,
Steve
--- NEW FILE ---
#
# Configuration file created by YAIM on 15/03/2013 15:15
#
# PAP service access control
#
# Documentation: https://twiki.cern.ch/twiki/bin/view/EGEE/AuthZPAPConfig
#
[dn]
"[log in to unmask]"
: ALL
"[log in to unmask]"
: ALL
"[log in to unmask]"
: ALL
"[log in to unmask]"
: ALL
[fqan]
--
Steve Jones [log in to unmask]
System Administrator office: 220
High Energy Physics Division tel (int): 42334
Oliver Lodge Laboratory tel (ext): +44 (0)151 794 2334
University of Liverpool http://www.liv.ac.uk/physics/hep/
|