[gin-auth] Re: Nightly cron for DN list dump ?
Dane Skow
skow at mcs.anl.gov
Mon Mar 20 10:27:12 CST 2006
WooHoo !! Trying for TRIPLE POINTS, I give you Oscar Koeroo !!
Hat's off to you Oscar ! I see the webpage (nice variety of
registrants already!) but
I'm not even able to test all the advanced modes myself to do the
scoring ! Judges ?
Stephen got me registered as an admin on the Wiki so I'll see if I
can get this listed there today (and for my difficulty bonus I'll try
to edit the GIN GridForge page to link in the Wiki ;-).
Thanks !!
Dane
On Mar 17, 2006, at 6:42 AM, Oscar Koeroo wrote:
> Hi Dane and others,
>
> I've create a crontab to supply a non-secured grid-mapfile. The
> crontab is set to execute each 6 hours of each day to provide the
> controlled priviledge leak :-)
> The location is here: http://kuiken.nikhef.nl/gin.ggf.org/grid-mapfile
>
> I've also written my first RSS file. I hope I have understood the
> standard correctly.
> The feed contains two channels "unsecured_gin.ggf.org" and
> "secured_gin.ggf.org". Both have simulair settings, but the secured
> is using the direct weblink that will be used by the mkgridmap
> script to the XML though an HTTPS connection and the other is my
> crontab-created grid-mapfile.
>
> It seems that Thunderbird has a minor bug. I get two messages there
> but both are listed as Sended by 'unsecured_gin.ggf.org', clicking
> on them work perfectly. The secure connection need a valid
> certificate to mutually authenticate the content of the feed, de
> default error is -12229. This is good behaviour :-)
> ps: I'll not update the secured feed because it is linked to the
> direct database list creation method on the VOMS Admin.
>
> Comments/improvements are always welcome.
>
>
> Oscar - your feeding VO-Admin
>
>
>
> Dane Skow wrote:
>
>>
>> Oscar,
>>
>> Would it be possible to setup a nightly cronjob to dump the DN
>> list from this VOMS server to a webpage someplace ? That way
>> anyone who has not setup the edg-makegridmapfile scripts or
>> equivalent automata can grab the list and manage the appropriate
>> snippet for a gridmapfile by hand ? That helps lower the bar for
>> bootstrapping one more notch.
>>
>> The UK folks have offered their WIKI server as a headquarters for
>> this kind of contributed links. I'll send info (or Stephen will
>> directly) with the link soon.
>>
>> Double Bonus points if you make the webpage an RSS feed ;-)) (so
>> one can get notice of updates)
>>
>> Cheers,
>> Dane
>>
>> On Mar 14, 2006, at 8:09 AM, Oscar Koeroo wrote:
>>
>>> Hello everybody,
>>>
>>> The GIN VO name has been change from 'GIN-GGF-ORG' to
>>> 'gin.ggf.org' with the approval of the security area directroy
>>> to use the ggf.org domain name.
>>> All other configurations and registration have stayed
>>> persistently. Which means, the same portnumbers do apply on the
>>> same server with the same certificate.
>>>
>>> Though the web site as been move to:
>>> https://kuiken.nikhef.nl:8443/voms/gin.ggf.org/
>>>
>>> The configuration for the vomses file has change to:
>>>
>>> "gin.ggf.org" "kuiken.nikhef.nl" "15050" "/O=dutchgrid/O=hosts/
>>> OU=nikhef.nl/CN=kuiken.nikhef.nl" "gin.ggf.org"
>>>
>>> And also the legacy support interface for mkgridmap has also
>>> changed with the URL change to:
>>> group vomss://kuiken.nikhef.nl:8443/voms/gin.ggf.org .gin.ggf.org
>>>
>>>
>>>
>>> Oscar - /gin.ggf.org/Role=VO-Admin
>>>
>>>
>>> Oscar Koeroo wrote:
>>>
>>>> which means that I'll change the GIN-GGF-ORG VO name to:
>>>> "gin.ggf.org"
>>>> ... if one or both security area directors approve with the
>>>> change and use of the "ggf.org" domain as a suffix to the GIN VO.
>>>>
>>>> Oscar
>>>>
>>>>
>>>> Von Welch wrote:
>>>>
>>>>>
>>>>> Works for me.
>>>>>
>>>>> Von
>>>>>
>>>>>
>>>>> On Mar 13, 2006, at 12:42 PM, Olle Mulmo wrote:
>>>>>
>>>>>>
>>>>>> FYI,
>>>>>>
>>>>>> This was discussed (again) at two consecutive EGEE meetings
>>>>>> at CERN last week, ending in the draft text proposed below.
>>>>>>
>>>>>> /Olle
>>>>>>
>>>>>>
>>>>>> VO Naming
>>>>>> ---------
>>>>>> The VO name is a string, used to represent the VO in all
>>>>>> interactions
>>>>>> with grid software, such as in expressions of policy and
>>>>>> access rights.
>>>>>>
>>>>>> The VO name MUST be formatted as a subdomain name as specified in
>>>>>> RFC 1034 section 3.5. The VO Manager of a VO using a thus-
>>>>>> formatted name
>>>>>> MUST be entitled to the use of this name, when interpreted as
>>>>>> a name in the Internet Domain Name System.
>>>>>> This entitlement MUST stem either from a direct delegation of
>>>>>> the corresponding name in the Domain Name System by an
>>>>>> accredited registrar for
>>>>>> the next-higher level subdomain, or from a direct delegation
>>>>>> of the
>>>>>> equivalent name in the Domain Name System by ICANN, or from
>>>>>> the consent
>>>>>> of the administrative or operational contact of the next-
>>>>>> higher equivalent
>>>>>> subdomain name for that VO name that itself is registered
>>>>>> with such an
>>>>>> accredited registrar.
>>>>>>
>>>>>> Considering that RFC1034 section 3.5 states that both upper
>>>>>> case and lower
>>>>>> case letters are allowed, but no significance is to be
>>>>>> attached to the case,
>>>>>> but that today the software handling VO names may still be
>>>>>> case sensisitive,
>>>>>> all VO names MUST be entirely in lower case.
>>>>>>
>>>
>
More information about the gin-auth
mailing list