[gin-auth] Heads-up for RFC proxies and VOMS ACs
vincenzo.ciaschini at cnaf.infn.it
vincenzo.ciaschini at cnaf.infn.it
Thu Jun 8 08:41:58 CDT 2006
One correction: this is already present in the gLite 1.5 VOMS server
(corresponding to 1.6.10 VOMS version, and therefore also on those that have
been tested up to now by the gin group.
Bye,
Vincenzo
Quoting Mike 'Mike' Jones <mike.jones at manchester.ac.uk>:
>
> Just to let you know that due to a bug in gLite 1.5 and earlier:
> VOMS attribute certificates as issued by the current instance of the
> gin.ggf.org VOMS cannot work inside an RFC proxy certificate due to
> the Holder section of the attribute certificate being set to the
> wrong DN and RFC proxies requiring different serial numbers.
>
> This I believe is fixed in the gLite 3.0 VOMS server (vomsd needing
> to be run with the --newformat option). gLite 3.0 VOMS aware services
> recognise both the 'old' (broken) and 'new' formats.
>
> This does not affect systems that currently construct a grid-mapfile
> for the purposes of authorisation.
>
> Mike
>
> --
> http://www.sve.man.ac.uk/General/Staff/jonesM/
>
>
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
More information about the gin-auth
mailing list