Hi,
If someone has already worked them out could the post the relavant lines
from site-info.def.
Thanks,
Chris.
> -----Original Message-----
> From: Testbed Support for GridPP member institutes
> [mailto:[log in to unmask]] On Behalf Of Graeme Stewart
> Sent: 24 May 2007 16:11
> To: [log in to unmask]
> Subject: Issues from lcg-voms.cern.ch certificate change
>
> Folks
>
> Please note that on your UI and RBs it is necessary to change the DN
> of lcg-voms.cern.ch as given below.
>
> This applies to VOMS servers for dteam, atlas, cms, alice, lhcb (and
> less importantly ops).
>
> Other issues:
>
> 1. The central LFC for dteam (at least) does not recognise proxies
> signed by lcg-voms.cern.ch. See
> https://gus.fzk.de/ws/ticket_info.php?
> ticket=22426.
>
> 2. The VOMS DNs given by yaimtool (https://lcg-sft.cern.ch/yaimtool/
> yaimtool.py) are wrong. See https://gus.fzk.de/ws/ticket_info.php?
> ticket=22444.
>
> 3. The VOMS DNs given in various YAIM example files are wrong. See
> https://gus.fzk.de/ws/ticket_info.php?ticket=22445.
>
> Cheers
>
> Graeme
>
> Begin forwarded message:
>
> > From: Graeme Stewart <[log in to unmask]>
> > Date: 24 May 2007 15:50:24 BDT
> > To: [log in to unmask]
> > Subject: Re: [Scotgrid-tech-discuss] Fwd: LAST WARNING: lcg-
> > voms.cern.ch certificate will be changed on May 24th!
> >
> > Ah yes, well spotted.
> >
> > Can everyone please make sure their VOMS file for dteam-lcg-
> > voms.cern.ch is:
> >
> > "dteam" "lcg-voms.cern.ch" "15004" "/DC=ch/DC=cern/OU=computers/
> > CN=lcg-voms.cern.ch" "dteam"
> >
> > i.e., with the DN updated.
> >
> > N.B. this needs to be changed in /opt/edg/etc/vomses and
> /opt/glite/
> > etc/vomses so that both versions of voms-proxy-init (edg and glite
> > flavours) work.
> >
> > Speaking to Greig has revealed that neither of us can get a proxy
> > from voms.cern.ch, despite having the same configuration as
> Matt in
> > Lancaster - this turned out to be an issue with the DN of
> > voms.cern.ch changing way back last year. The correct
> configuration
> > is:
> >
> > "dteam" "voms.cern.ch" "15004" "/DC=ch/DC=cern/OU=computers/
> > CN=voms.cern.ch" "dteam"
> >
> > And why was this? Because it's wrong in the VOs.def example
> > distributed with YAIM. (It's correct in the sample site-info.def -
> > but hard to pick up on that fact when trying to track changes.)
> >
> > The correct site-info.def entry is:
> >
> > VO_DTEAM_VOMSES="'dteam lcg-voms.cern.ch 15004 /DC=ch/DC=cern/
> > OU=computers/CN=lcg-voms.cern.ch dteam' 'dteam voms.cern.ch 15004
> > DC=ch/DC=cern/OU=computers/CN=voms.cern.ch dteam'"
> >
> > N.B. it's also wrong in yaimtool (https://lcg-sft.cern.ch/yaimtool/
> > yaimtool.py).
> >
> > I will raise a ticket about the poor information - in the meantime
> > can you all ensure that your vomses directories contain the
> correct
> > information...
> >
> > Oh bugger, in fact it's the wrong DN for all of the LHC VOs now.
> >
> > I offer the following, to be run in /opt/{glite,edg}/etc/vomses:
> >
> > # perl -i.bak -pe 's/\/C=CH\/O=CERN\/OU=GRID\/CN=host\//\/DC=ch\/
> > DC=cern\/OU=computers\/CN=/' *
> >
> > Cheers
> >
> > Graeme
> >
> > On 24 May 2007, at 11:51, sskipsey wrote:
> >
> >> Graeme - I believe so. I have the emails you sent around
> >> originally on the issue.
> >>
> >> By the way, I noticed that I didn't /just/ have to install
> the new
> >> voms certificates - I also had to change the contents of some of
> >> the vomses files in /opt/edg/etc/vomses/
> >> I may have missed this being given as an instruction, but I
> >> thought I'd mention it.
> >>
> >> Sam
>
> --
> Dr Graeme Stewart - http://wiki.gridpp.ac.uk/wiki/User:Graeme_stewart
> ScotGrid - http://www.scotgrid.ac.uk/ http://scotgrid.blogspot.com/
>
|