Bug #21982
Pilot proxies could be generated with invalid VOMS ACs
Start date:
02/26/2019
Due date:
% Done:
0%
Estimated time:
First Occurred:
Occurs In:
Stakeholders:
Description
A proxy's VOMS AC is validated from:
1. A lookup of the VO name + VOMS URI (excluding the port) to find the
corresponding .lsc file in '/etc/grid-security/vomsdir'
2. The cert chain from the .lsc file is compared to and used to verify
the issuer
If a VO has multiple entries in the VOMS configuration, a proxy may be
generated with a mismatched URI + issuer.
History
#1 Updated by Marco Mambelli 9 months ago
- Assignee changed from Brian Lin to Marco Mambelli
- Status changed from New to Feedback
Changes in v3/21982
#2 Updated by Marco Mambelli 9 months ago
- Status changed from Feedback to Resolved
Added enforcement of absolute imports and merged.
#3 Updated by Marco Mambelli 8 months ago
- Status changed from Resolved to Closed