On 22/03/12 14:10, John Gordon wrote: > Jeremy, Chris was asking about the UK VOMS. Indeed I was. > Were the same changes made? I've just filed: https://ggus.eu/ws/ticket_info.php?ticket=80535 asking for them to be made. I'm not sure I've been particularly clear on what changes need to be made though. We'll see if I get asked for more information. Chris > > John > >> -----Original Message----- >> From: Testbed Support for GridPP member institutes [mailto:TB- >> [log in to unmask]] On Behalf Of Jeremy Coles >> Sent: 22 March 2012 14:09 >> To: [log in to unmask] >> Subject: Re: Update on the CERN VOMS problem >> >> I think everyone should have got an email (easily missed) at the time >> informing them of the change. >> >> Jeremy >> >> >> On 22 Mar 2012, at 13:11, John Gordon wrote: >> >>> For the CERN and dteam VOMS, everyone with a valid UK old cert had >> the new one added. >>> >>> John >>> >>>> -----Original Message----- >>>> From: Testbed Support for GridPP member institutes [mailto:TB- >>>> [log in to unmask]] On Behalf Of Christopher J.Walker >>>> Sent: 22 March 2012 12:39 >>>> To: [log in to unmask] >>>> Subject: Re: Update on the CERN VOMS problem >>>> >>>> On 14/12/11 14:50, Steve Traylen wrote: >>>>> On Dec 14, 2011, at 3:37 PM, John Gordon wrote: >>>>> >>>>>> Steve, are you also adding the entries for people who haven't yet >>>> renewed their certs? >>>>> >>>>> Yes. >>>>> >>>>> To be precise it's the people in the DB with a "CN=UK e-Science CA" >>>> who have not already added their 2B selves >>>>> already. The other dates such as the AUP signing date (valid for >> one >>>> year) are associated with the user rather >>>>> than the individual CA identity. >>>>> >>>>> So e.g if their "UK e-Science CA" is suspended because they have >> not >>>> signed the AUP recently enough then >>>>> there "2B" will be in the same state. They can use either identity >>>> now to sign the AUP at any point which will be on >>>>> both of themselves. >>>>> >>>>> Members can at their leisure switch their primary certificate to be >>>> "2B" and delete their old selves but other than for >>>>> the purposes of removing junk this is irrelevant if their old >> selves >>>> remain.. >>>>> >>>>> Maybe that makes sense. >>>>> >>>> >>>> I've just hit what sounds like the same problem with the gridpp voms >>>> server. >>>> >>>> I now have a 2B certificate. >>>> >>>> voms-proxy-init --voms snoplus.snolab.ca works fine. >>>> >>>> If I look at: >>>> >> https://voms.gridpp.ac.uk:8443/voms/snoplus.snolab.ca/register/start.ac >>>> tion >>>> >>>> There are things I can't see, and if I try to remove the pilot role >>>> from >>>> myself, I have Insufficient privileges. >>>> >>>> I can however see that the privileges were granted with the old CA. >>>> >>>> Is there something that can/should be done to the VOMS server - >>>> presumably I won't be the only one hitting this. >>>> >>>> Chris