Hi John
Sorry I missed the specific context. I suspect not but perhaps Jens can comment as I believe he was going to follow up on it (after the LCG VOMS changes worked). Chris's ticket is the best way forwards (thanks Chris).
Jeremy
On 22 Mar 2012, at 14:10, John Gordon wrote:
> Jeremy, Chris was asking about the UK VOMS. Were the same changes made?
>
> John
>
>> -----Original Message-----
>> From: Testbed Support for GridPP member institutes [mailto:TB-
>> [log in to unmask]] On Behalf Of Jeremy Coles
>> Sent: 22 March 2012 14:09
>> To: [log in to unmask]
>> Subject: Re: Update on the CERN VOMS problem
>>
>> I think everyone should have got an email (easily missed) at the time
>> informing them of the change.
>>
>> Jeremy
>>
>>
>> On 22 Mar 2012, at 13:11, John Gordon wrote:
>>
>>> For the CERN and dteam VOMS, everyone with a valid UK old cert had
>> the new one added.
>>>
>>> John
>>>
>>>> -----Original Message-----
>>>> From: Testbed Support for GridPP member institutes [mailto:TB-
>>>> [log in to unmask]] On Behalf Of Christopher J.Walker
>>>> Sent: 22 March 2012 12:39
>>>> To: [log in to unmask]
>>>> Subject: Re: Update on the CERN VOMS problem
>>>>
>>>> On 14/12/11 14:50, Steve Traylen wrote:
>>>>> On Dec 14, 2011, at 3:37 PM, John Gordon wrote:
>>>>>
>>>>>> Steve, are you also adding the entries for people who haven't yet
>>>> renewed their certs?
>>>>>
>>>>> Yes.
>>>>>
>>>>> To be precise it's the people in the DB with a "CN=UK e-Science CA"
>>>> who have not already added their 2B selves
>>>>> already. The other dates such as the AUP signing date (valid for
>> one
>>>> year) are associated with the user rather
>>>>> than the individual CA identity.
>>>>>
>>>>> So e.g if their "UK e-Science CA" is suspended because they have
>> not
>>>> signed the AUP recently enough then
>>>>> there "2B" will be in the same state. They can use either identity
>>>> now to sign the AUP at any point which will be on
>>>>> both of themselves.
>>>>>
>>>>> Members can at their leisure switch their primary certificate to be
>>>> "2B" and delete their old selves but other than for
>>>>> the purposes of removing junk this is irrelevant if their old
>> selves
>>>> remain..
>>>>>
>>>>> Maybe that makes sense.
>>>>>
>>>>
>>>> I've just hit what sounds like the same problem with the gridpp voms
>>>> server.
>>>>
>>>> I now have a 2B certificate.
>>>>
>>>> voms-proxy-init --voms snoplus.snolab.ca works fine.
>>>>
>>>> If I look at:
>>>>
>> https://voms.gridpp.ac.uk:8443/voms/snoplus.snolab.ca/register/start.ac
>>>> tion
>>>>
>>>> There are things I can't see, and if I try to remove the pilot role
>>>> from
>>>> myself, I have Insufficient privileges.
>>>>
>>>> I can however see that the privileges were granted with the old CA.
>>>>
>>>> Is there something that can/should be done to the VOMS server -
>>>> presumably I won't be the only one hitting this.
>>>>
>>>> Chris
|