As author of the set of scripts that generates these
passphrase-protected credentials:
Maarten Litmaath wrote:
> Hallo Ernst,
>
>> can the WMS renew a proxy from a credential with a passphrase on the
>> MyProxy server?
>
> No, by design!
>
where is this specified?
The system (upload a passphrase protected robot cert generated proxy to
a MyProxy server) has been in operation for 4 years or more and only
recently this problem popped up. Is this behaviour new?
>> We have a user that uses a robot certificate which stores a
>> credential on the MyProxy
>> server. This credential is protected with a passphrase.
>
> Why?!
the robot token is located in a protected server room on an isolated
well-controlled machine. A proxy is generated every 24 hours and
uploaded using a well known password (and using "-d" ) to the MyProxy
server.
The portal host on which the proxy is needed grabs a proxy using this
"well-known" password.
This has been working for nearly 4 years - could be we just got lucky
during those 4 years, but where was it specified that you cannot do this?
share and enjoy,
JJK / Jan Just Keijser
Nikhef
Amsterdam
|