 |
 |
I thought we had safeguards against nodes using someone else's host cert. John -----Original Message----- From: Testbed Support for GridPP member institutes [mailto:[log in to unmask]] On Behalf Of Steve Traylen Sent: 12 January 2011 19:23 To: [log in to unmask] Subject: Re: dteam VO VOMS server change - updates needed at most UKI sites! On Wed, Jan 12, 2011 at 5:54 PM, Daniela Bauer <[log in to unmask]> wrote: > I am sorry, but I still can't take this seriously. > For Imperial in the update from today they list ceprod00.hep.ph.ic.ac.uk From today: INFO 2011-01-12 14:28:09,976 [http-8443-Processor89] operations.BaseVomsOperation - Operation: ListMemberNamesOperation([]) - ([log in to unmask],/C=UK/O=eScienceCA/OU=Authority/CN=UK e-Science CA) - you have a phantom...... Of course it could be another host/thing with the wrong certificate. > This machine was decommissioned months ago, it hasn't been in the > bdii/GOCDB for months and most importantly it's off. How can they > claim they tested it ? > > Daniela > > On 12 January 2011 16:50, Stuart Purdie <[log in to unmask]> wrote: >> >> On 12 Jan 2011, at 16:22, Govind Songara wrote: >> >>> Hi Jermy, >>> >>> RHUL installed new VOMS on Dec 15 and there are also old cern dteam voms. >>> I think that could be reason, we or other sites still query cern voms. >>> >>> Here also says that >>> "Note that CERN VOMS servers are to remain in the site configuration during this transitional phase" >>> https://wiki.egi.eu/wiki/Dteam_vo >>> >>> Could you please check if we need to remove the old cern voms. >> >> >> I raised this in the EGI Operations meeting, and the answer is: Yes; from places, and no from others. >> >> The VO_DTEAM_VOMS_SERVERS attribute in site-info.def must contain only: vomss://voms.hellasgrid.gr:8443/voms/dteam?/dteam/ >> >> The VO_DTEAM_VOMSES atribute may contain the CERN ones as well. >> >> VOMS_SERVERS is used to build the gridmap, whilst VOMSES is used for generation of the voms attributes. >> >> >> It's horrible, but that's the desired behaviour. > > > > -- > ----------------------------------------------------------- > [log in to unmask] > HEP Group/Physics Dep > Imperial College > Tel: +44-(0)20-75947810 > http://www.hep.ph.ic.ac.uk/~dbauer/ > -- Steve Traylen