Bug #21982: Pilot proxies could be generated with invalid VOMS ACs - GlideinWMS - Fermilab Redmine

Bug #21982

Pilot proxies could be generated with invalid VOMS ACs

Added by Brian Lin almost 2 years ago. Updated almost 2 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Marco Mambelli

Category:

Frontend

Target version:

v3_4_4

Start date:

02/26/2019

Due date:

% Done:

Estimated time:

First Occurred:

3_2_22_2

Occurs In:

Stakeholders:

Duration:

Description

A proxy's VOMS AC is validated from:

1. A lookup of the VO name + VOMS URI (excluding the port) to find the
corresponding .lsc file in '/etc/grid-security/vomsdir'
2. The cert chain from the .lsc file is compared to and used to verify
the issuer

If a VO has multiple entries in the VOMS configuration, a proxy may be
generated with a mismatched URI + issuer.

History

#1 Updated by Marco Mambelli almost 2 years ago

Assignee changed from Brian Lin to Marco Mambelli
Status changed from New to Feedback

Changes in v3/21982

#2 Updated by Marco Mambelli almost 2 years ago

Status changed from Feedback to Resolved

Added enforcement of absolute imports and merged.

#3 Updated by Marco Mambelli almost 2 years ago

Status changed from Resolved to Closed

Also available in: Atom PDF

Project

General

Profile

GlideinWMS

Issues