Fwd: [gin-auth] [Fwd: gsi proxy compatibility test]

Olle Mulmo mulmo at pdc.kth.se
Fri Mar 24 21:56:04 CST 2006 

Alex,

Belated reply... I don't know of any gridftp implementations that won't understand the GT2 format, so if we "ignore" this problem for now then things will "just work" out of the box.

I have a strong personal conviction however that we should put in the extra effort to eradicate those older proxy formats for the cross-deployment messages - and this is also what the the auth group proposed in Athens. In analogy, it has been proposed that JSDL should be used for job description (or at least that is my understanding).

/Olle

________________ Reply Header ________________
Subject:	Re: Fwd: [gin-auth] [Fwd: gsi proxy compatibility test]
Author:	"Alex Sim" <ASim at lbl.gov>
Date:		16th March 2006 7:26:36 am

Olle,
we have GT2, GT3/4, and different grdftp implementations servers, who
knows what clients...
It sounds like a bigger problem than what I have thought in reality
because gt2/3 cannot handle, and we don't know if different independent
implementations can handle...
isn't that why the interop "testing" should include this proxy handling?
--Alex


Olle Mulmo wrote:
>
> Forgot to add you...
>
> /O
>
> Begin forwarded message:
>
>> From: Olle Mulmo <mulmo at pdc.kth.se>
>> Date: March 16, 2006 10:03:03 GMT+01:00
>> To: Erwin Laure <Erwin.Laure at cern.ch>
>> Cc: Olle Mulmo <mulmo at pdc.kth.se>, gin-auth at ggf.org
>> Subject: Re: [gin-auth] [Fwd: gsi proxy compatibility test]
>>
>>
>> I believe GIN-auth recommended that RFC compliant proxies should be
>> used.
>>
>> In practice, this means that software from any GT2 or GT3
>> distributions will _not_ be able to handle this proxy format, whereas
>> the same libraries shipped with GT4 (and also native openssl 0.9.7g
>> and beyond) can.
>>
>> Note also that in GT4.0.x, the grid-proxy-init command line tool does
>> not  generate RFC-compliant proxies by default for backwards
>> compatibility reasons:
>>
>> You have to type "grid-proxy-init -rfc"
>>
>> /Olle
>>
>> On Mar 16, 2006, at 08:49, Erwin Laure wrote:
>>
>>> Not sure this message went through.
>>>
>>> Cheers,
>>>
>>> -- Erwin
>>>
>>> -------- Original Message --------
>>> Subject:     gsi proxy compatibility test
>>> Date:     Wed, 15 Mar 2006 12:45:28 -0800
>>> From:     Alex Sim <asim at lbl.gov>
>>> Reply-To:     <asim at lbl.gov>
>>> Organization:     Lawrence Berkeley National Laboratory
>>> To:     <gin-auth at ggf.org>
>>> CC:     <asim at lbl.gov>, "'Erwin Laure'" <Erwin.Laure at cern.ch>
>>>
>>>
>>>
>>> I have not been subscribing to this mailing list, and I'm not sure
>>> if this issue has been discussed previously.
>>>  From GIN-DATA mailing list, we came across that GSI proxy format
>>> compatibility testing needs to be addressed.
>>> In many practices, gsi proxy format is not compatible and different
>>> version and implementations of gridftp servers reject the
>>> authentication
>>> without too much clue. So, if it could be tested as gridftp
>>> interoperability, it'll be great.
>>>
>>> --Alex
>>>
>>
>

More information about the gin-auth mailing list