The following plugins need to be rewritten as they do not work with multiple trust methods/authentication:
#2 Updated by John Weigand almost 9 years ago
Can you identify
1. how many proxies you need to use
2. where they are
I can then configure a gums server to
authorize them... probably cms-xen12
Unless we want to create a whole bunch of new
ones, I think we can use existing service certificates
which most nodes have. I have the following available:
1. I have 2 that I had created for glidein proxy testing
2. About 9 http certs from each of my nodes that can be used.
A couple questions related to how I set them up in GUMS...
1. Do they need to map to different users in order to verify
they are being used correctly? If so, then the entry point
will need to add these "test" accunts. No problem. Just
need to know.
2. Will glexec be involved?
I am assuming these just need to be tested against a single
entry point (ie. CE). Does that CE need a greater than 1 WN cluster?
That is, do we need to see them being used concurrently?
#3 Updated by John Weigand almost 9 years ago
I now have the certs ready. When you get a chance, can you authorize them for a gums server and allow them on a CE under your control?
That would be fantastic and allow me to test the proxy plugins. I think they can all map to the same user on the CE.
As long as they are authorized for your CE and I can voms-proxy-init to generate a proxy for the CE, I don't think the VO you use matters either.
The issuer for all these is "DC=org, DC=DOEGrids, OU=Certificate Authorities, CN=DOEGrids CA 1".
Let me know if you have any questions or need any additional information.
#4 Updated by John Weigand almost 9 years ago
All my gums servers and CE nodes should be set up
to use those certificates. They will map to unix
You mention using a voms-proxy-init.
Did you really me grid-proxy-init?
If not and you need to test voms proxies, I will
need to set up one of the voms nodes to allow for that.
Let me know if you have any authorization problems.
#5 Updated by Douglas Strain almost 9 years ago
I have tested all the various proxy plugins, and they now seem to work for the test cases I've tried. I uncovered quite a few bugs and issues though, so I would not be surprised if more issues were uncovered once this gets wider testing, but I guess that's part of having a development branch. I think this is in good enough shape to proceed.