 |
 |
Jeremy, Chris was asking about the UK VOMS. Were the same changes made? John > -----Original Message----- > From: Testbed Support for GridPP member institutes [mailto:TB- > [log in to unmask]] On Behalf Of Jeremy Coles > Sent: 22 March 2012 14:09 > To: [log in to unmask] > Subject: Re: Update on the CERN VOMS problem > > I think everyone should have got an email (easily missed) at the time > informing them of the change. > > Jeremy > > > On 22 Mar 2012, at 13:11, John Gordon wrote: > > > For the CERN and dteam VOMS, everyone with a valid UK old cert had > the new one added. > > > > John > > > >> -----Original Message----- > >> From: Testbed Support for GridPP member institutes [mailto:TB- > >> [log in to unmask]] On Behalf Of Christopher J.Walker > >> Sent: 22 March 2012 12:39 > >> To: [log in to unmask] > >> Subject: Re: Update on the CERN VOMS problem > >> > >> On 14/12/11 14:50, Steve Traylen wrote: > >>> On Dec 14, 2011, at 3:37 PM, John Gordon wrote: > >>> > >>>> Steve, are you also adding the entries for people who haven't yet > >> renewed their certs? > >>> > >>> Yes. > >>> > >>> To be precise it's the people in the DB with a "CN=UK e-Science CA" > >> who have not already added their 2B selves > >>> already. The other dates such as the AUP signing date (valid for > one > >> year) are associated with the user rather > >>> than the individual CA identity. > >>> > >>> So e.g if their "UK e-Science CA" is suspended because they have > not > >> signed the AUP recently enough then > >>> there "2B" will be in the same state. They can use either identity > >> now to sign the AUP at any point which will be on > >>> both of themselves. > >>> > >>> Members can at their leisure switch their primary certificate to be > >> "2B" and delete their old selves but other than for > >>> the purposes of removing junk this is irrelevant if their old > selves > >> remain.. > >>> > >>> Maybe that makes sense. > >>> > >> > >> I've just hit what sounds like the same problem with the gridpp voms > >> server. > >> > >> I now have a 2B certificate. > >> > >> voms-proxy-init --voms snoplus.snolab.ca works fine. > >> > >> If I look at: > >> > https://voms.gridpp.ac.uk:8443/voms/snoplus.snolab.ca/register/start.ac > >> tion > >> > >> There are things I can't see, and if I try to remove the pilot role > >> from > >> myself, I have Insufficient privileges. > >> > >> I can however see that the privileges were granted with the old CA. > >> > >> Is there something that can/should be done to the VOMS server - > >> presumably I won't be the only one hitting this. > >> > >> Chris