[gin-auth] Heads-up for RFC proxies and VOMS ACs
Mike 'Mike' Jones
mike.jones at manchester.ac.uk
Tue Jun 6 04:57:39 CDT 2006
Just to let you know that due to a bug in gLite 1.5 and earlier:
VOMS attribute certificates as issued by the current instance of the
gin.ggf.org VOMS cannot work inside an RFC proxy certificate due to the
Holder section of the attribute certificate being set to the wrong DN and
RFC proxies requiring different serial numbers.
This I believe is fixed in the gLite 3.0 VOMS server (vomsd needing to be
run with the --newformat option). gLite 3.0 VOMS aware services recognise
both the 'old' (broken) and 'new' formats.
This does not affect systems that currently construct a grid-mapfile for
the purposes of authorisation.
Mike
--
http://www.sve.man.ac.uk/General/Staff/jonesM/
More information about the gin-auth
mailing list