[gin-ops] RE: [gin-auth] VO name change

Cindy Zheng zhengc at sdsc.edu
Fri Mar 17 04:19:19 CST 2006


Hi, Oscar,

I modified the VO name in the vomses file, but I get
"user unknown to this VO" when I run voms-proxy-init.
Did you add SDSC cert files in the new VO server?
Or did I miss something? Here is the vomses file
and voms-proxy-init output:

[zhengc at rocks-52 vomsdir]$ cat /opt/glite/etc/vomses/gin.ggf.org 
"gin.ggf.org" "kuiken.nikhef.nl" "15050"
"/O=dutchgrid/O=hosts/OU=nikhef.nl/CN=kuiken.nikhef.nl" "gin.ggf.org"

[zhengc at rocks-52 vomsdir]$ voms-proxy-init --debug --voms gin.ggf.org
Detected Globus version: 22
Unspecified proxy version, settling on Globus version: 2
Number of bits in key :512
Using configuration file /opt/glite/etc/vomses
Using configuration file /opt/glite/etc/vomses
Files being used:
 CA certificate file: none
 Trusted certificates directory : /etc/grid-security/certificates
 Proxy certificate file : /home/zhengc/.globus/.proxy
 User certificate file: /home/zhengc/.globus/usercert.pem
 User key file: /home/zhengc/.globus/userkey.pem
Output to /home/zhengc/.globus/.proxy
Your identity: /C=US/O=SDSC/OU=SDSC/CN=Cindy Zheng/USERID=zhengc
Enter GRID pass phrase:
Creating temporary proxy to /tmp/tmp_x509up_u502_21548
.......++++++++++++
...........................................++++++++++++
 Done
Contacting  kuiken.nikhef.nl:15050
[/O=dutchgrid/O=hosts/OU=nikhef.nl/CN=kuiken.nikhef.nl] "gin.ggf.org"
Error: gin.ggf.org: User unknown to this VO.

> -----Original Message-----
> From: owner-gin-auth at ggf.org [mailto:owner-gin-auth at ggf.org] 
> On Behalf Of Oscar Koeroo
> Sent: Tuesday, March 14, 2006 6:09 AM
> To: gin-auth at ggf.org
> Subject: [gin-auth] VO name change
> 
> 
> Hello everybody,
> 
> The GIN VO name has been changed from 'GIN-GGF-ORG' to 'gin.ggf.org' with
> the approval of the security area directors to use the ggf.org domain name.
> All other configurations and registration have stayed persistently.
> Which means, the same port numbers do apply on the same server with the
> same certificate.
> 
> Though the web site has been moved to:
> https://kuiken.nikhef.nl:8443/voms/gin.ggf.org/
> 
> The configuration for the vomses file has changed to:
> 
> "gin.ggf.org" "kuiken.nikhef.nl" "15050" 
> "/O=dutchgrid/O=hosts/OU=nikhef.nl/CN=kuiken.nikhef.nl" "gin.ggf.org"
> 
> And also the legacy support interface for mkgridmap has also 
> changed with the URL change to:
> group vomss://kuiken.nikhef.nl:8443/voms/gin.ggf.org  .gin.ggf.org
> 
> 
> 
>     Oscar - /gin.ggf.org/Role=VO-Admin
> 
> 
> Oscar Koeroo wrote:
> 
> > which means that I'll change the GIN-GGF-ORG VO name to:
> > "gin.ggf.org"
> > ... if one or both security area directors approve with the change and
> > use of the "ggf.org" domain as a suffix to the GIN VO.
> >
> >    Oscar
> >
> >
> > Von Welch wrote:
> >
> >>
> >> Works for me.
> >>
> >> Von
> >>
> >>
> >> On Mar 13, 2006, at 12:42 PM, Olle Mulmo wrote:
> >>
> >>>
> >>> FYI,
> >>>
> >>> This was discussed (again) at two consecutive EGEE meetings at CERN
> >>> last week, ending in the draft text proposed below.
> >>>
> >>> /Olle
> >>>
> >>>
> >>> VO Naming
> >>> ---------
> >>> The VO name is a string, used to represent the VO in all interactions
> >>> with grid software, such as in expressions of policy and access rights.
> >>>
> >>> The VO name MUST be formatted as a subdomain name as specified in
> >>> RFC 1034 section 3.5. The VO Manager of a VO using a thus-formatted name
> >>> MUST be entitled to the use of this name, when interpreted as a
> >>> name in the Internet Domain Name System.
> >>> This entitlement MUST stem either from a direct delegation of the
> >>> corresponding name in the Domain Name System by an accredited registrar for
> >>> the next-higher level subdomain, or from a direct delegation of the
> >>> equivalent name in the Domain Name System by ICANN, or from the consent
> >>> of the administrative or operational contact of the next-higher equivalent
> >>> subdomain name for that VO name that itself is registered with such an
> >>> accredited registrar.
> >>>
> >>> Considering that RFC1034 section 3.5 states that both upper case and lower
> >>> case letters are allowed, but no significance is to be attached to the case,
> >>> but that today the software handling VO names may still be case sensitive,
> >>> all VO names MUST be entirely in lower case.
> >>>
> 
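
As an added example (not part of the original thread or of the VOMS software), the draft VO naming rules quoted above can be checked mechanically against the VO name in a vomses entry. The field labels (alias, host, port, server_dn, vo) and the function names are assumptions of this example; the entry is the one posted above, joined onto one line.

```python
import re
import shlex

# One DNS label per RFC 1034 section 3.5: starts with a letter, ends with a
# letter or digit, interior letters/digits/hyphens, at most 63 octets.
LABEL = re.compile(r"[A-Za-z](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def check_vo_name(name):
    """Return a list of violations of the draft VO naming text (empty = OK)."""
    problems = []
    if not name or len(name) > 255:
        problems.append("name must be 1..255 octets")
    for label in name.split("."):
        if not LABEL.fullmatch(label):
            problems.append("label %r is not an RFC 1034 3.5 label" % label)
    # The draft adds a rule on top of RFC 1034: lower case only.
    if name != name.lower():
        problems.append("name must be entirely lower case")
    return problems


def parse_vomses_line(line):
    """Split one vomses entry into its five quoted fields (layout as posted)."""
    fields = shlex.split(line)
    if len(fields) != 5:
        raise ValueError("expected 5 quoted fields, got %d" % len(fields))
    alias, host, port, server_dn, vo = fields
    if not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError("bad port %r" % port)
    return {"alias": alias, "host": host, "port": int(port),
            "server_dn": server_dn, "vo": vo}


# Entry from the thread, joined onto one line for parsing.
ENTRY = ('"gin.ggf.org" "kuiken.nikhef.nl" "15050" '
         '"/O=dutchgrid/O=hosts/OU=nikhef.nl/CN=kuiken.nikhef.nl" "gin.ggf.org"')

if __name__ == "__main__":
    entry = parse_vomses_line(ENTRY)
    # The last two candidates are constructed malformed names.
    for candidate in (entry["vo"], "GIN-GGF-ORG", "gin..ggf.org", "-gin.ggf.org"):
        print(candidate, check_vo_name(candidate) or "OK")
```

The old name 'GIN-GGF-ORG' is a syntactically valid single label under RFC 1034 and fails only the lower-case rule, which is the one rule the draft adds.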




