[gin-auth] VO name change
Cindy Zheng
zhengc at sdsc.edu
Fri Mar 17 04:19:19 CST 2006
Hi, Oscar,
I modified the VO name in the vomses file, but I get
"user unknown to this VO" when run voms-proxy-init.
Did you add SDSC cert files in the new VO server?
Or did I missed something? Here is the vomses file
and voms-proxy-init output:
[zhengc at rocks-52 vomsdir]$ cat /opt/glite/etc/vomses/gin.ggf.org
"gin.ggf.org" "kuiken.nikhef.nl" "15050"
"/O=dutchgrid/O=hosts/OU=nikhef.nl/CN=kuiken.nikhef.nl" "gin.ggf.org"
[zhengc at rocks-52 vomsdir]$ voms-proxy-init --debug --voms gin.ggf.org
Detected Globus version: 22
Unspecified proxy version, settling on Globus version: 2
Number of bits in key :512
Using configuration file /opt/glite/etc/vomses
Using configuration file /opt/glite/etc/vomses
Files being used:
CA certificate file: none
Trusted certificates directory : /etc/grid-security/certificates
Proxy certificate file : /home/zhengc/.globus/.proxy
User certificate file: /home/zhengc/.globus/usercert.pem
User key file: /home/zhengc/.globus/userkey.pem
Output to /home/zhengc/.globus/.proxy
Your identity: /C=US/O=SDSC/OU=SDSC/CN=Cindy Zheng/USERID=zhengc
Enter GRID pass phrase:
Creating temporary proxy to /tmp/tmp_x509up_u502_21548
.......++++++++++++
...........................................++++++++++++
Done
Contacting kuiken.nikhef.nl:15050
[/O=dutchgrid/O=hosts/OU=nikhef.nl/CN=kuiken.nikhef.nl] "gin.ggf.org"
Error: gin.ggf.org: User unknown to this VO.
> -----Original Message-----
> From: owner-gin-auth at ggf.org [mailto:owner-gin-auth at ggf.org]
> On Behalf Of Oscar Koeroo
> Sent: Tuesday, March 14, 2006 6:09 AM
> To: gin-auth at ggf.org
> Subject: [gin-auth] VO name change
>
>
> Hello everybody,
>
> The GIN VO name has been change from 'GIN-GGF-ORG' to
> 'gin.ggf.org' with
> the approval of the security area directroy to use the
> ggf.org domain name.
> All other configurations and registration have stayed persistently.
> Which means, the same portnumbers do apply on the same server
> with the
> same certificate.
>
> Though the web site as been move to:
> https://kuiken.nikhef.nl:8443/voms/gin.ggf.org/
>
> The configuration for the vomses file has change to:
>
> "gin.ggf.org" "kuiken.nikhef.nl" "15050"
> "/O=dutchgrid/O=hosts/OU=nikhef.nl/CN=kuiken.nikhef.nl" "gin.ggf.org"
>
> And also the legacy support interface for mkgridmap has also
> changed with the URL change to:
> group vomss://kuiken.nikhef.nl:8443/voms/gin.ggf.org .gin.ggf.org
>
>
>
> Oscar - /gin.ggf.org/Role=VO-Admin
>
>
> Oscar Koeroo wrote:
>
> > which means that I'll change the GIN-GGF-ORG VO name to:
> > "gin.ggf.org"
> > ... if one or both security area directors approve with the
> change and
> > use of the "ggf.org" domain as a suffix to the GIN VO.
> >
> > Oscar
> >
> >
> > Von Welch wrote:
> >
> >>
> >> Works for me.
> >>
> >> Von
> >>
> >>
> >> On Mar 13, 2006, at 12:42 PM, Olle Mulmo wrote:
> >>
> >>>
> >>> FYI,
> >>>
> >>> This was discussed (again) at two consecutive EGEE
> meetings at CERN
> >>> last week, ending in the draft text proposed below.
> >>>
> >>> /Olle
> >>>
> >>>
> >>> VO Naming
> >>> ---------
> >>> The VO name is a string, used to represent the VO in all
> interactions
> >>> with grid software, such as in expressions of policy and access
> >>> rights.
> >>>
> >>> The VO name MUST be formatted as a subdomain name as specified in
> >>> RFC 1034 section 3.5. The VO Manager of a VO using a
> thus-formatted
> >>> name
> >>> MUST be entitled to the use of this name, when interpreted as a
> >>> name in the Internet Domain Name System.
> >>> This entitlement MUST stem either from a direct
> delegation of the
> >>> corresponding name in the Domain Name System by an accredited
> >>> registrar for
> >>> the next-higher level subdomain, or from a direct
> delegation of the
> >>> equivalent name in the Domain Name System by ICANN, or from the
> >>> consent
> >>> of the administrative or operational contact of the next-higher
> >>> equivalent
> >>> subdomain name for that VO name that itself is registered
> with such an
> >>> accredited registrar.
> >>>
> >>> Considering that RFC1034 section 3.5 states that both upper case
> >>> and lower
> >>> case letters are allowed, but no significance is to be
> attached to
> >>> the case,
> >>> but that today the software handling VO names may still be case
> >>> sensisitive,
> >>> all VO names MUST be entirely in lower case.
> >>>
>
More information about the gin-auth
mailing list