On 17 Nov 2011, at 17:50, Ewan MacMahon wrote:
>> -----Original Message-----
>> From: Testbed Support for GridPP member institutes [mailto:TB-
>> [log in to unmask]] On Behalf Of Christopher J.Walker
>>
>> On 17/11/11 17:21, Stuart Purdie wrote:
>>>
>>> Try asking for a long lived ( e.g. 7 days) voms proxy, and see what the
>> voms-attributes length end up as. That's as long as it'll go. If it's 48
>> hours, that might just be enough, whilst keeping it simple.
>>
>> We need a recipe for this - I've been asked by snoplus how to do this.
>>
> Something like this:
> voms-proxy-init --valid 72:00 --voms vo.southgrid.ac.uk
> will request it, but the voms server is allowed to return a less long
> lived one if it wants, so doing that for Southgrid gets a 24 hour
> voms attribute.
> There's also a '-noregen' option to voms-proxy-init that makes it
> contact the voms server to re-sign the existing grid proxy. I don't
> know if that could be used with the proxies retrieved from myproxy?
WMS/CE does that bit for you, so most use cases end users shouldn't need that. (But yes, that's essentially how the WMS/CE stuff does it. It's also a way to stuff many VOMS attributes on the same cert, which is always a source of joy and laughter when various bits of middleware handle it slightly differently...)
|