Project

General

Profile

Bug #21982

Pilot proxies could be generated with invalid VOMS ACs

Added by Brian Lin 6 months ago. Updated 5 months ago.

Status:
Closed
Priority:
Normal
Category:
Frontend
Target version:
Start date:
02/26/2019
Due date:
% Done:

0%

Estimated time:
First Occurred:
Occurs In:
Stakeholders:
Duration:

Description

A proxy's VOMS AC is validated from:

1. A lookup of the VO name + VOMS URI (excluding the port) to find the
corresponding .lsc file in '/etc/grid-security/vomsdir'
2. The cert chain from the .lsc file is compared to and used to verify
the issuer

If a VO has multiple entries in the VOMS configuration, a proxy may be
generated with a mismatched URI + issuer.

History

#1 Updated by Marco Mambelli 6 months ago

  • Assignee changed from Brian Lin to Marco Mambelli
  • Status changed from New to Feedback

Changes in v3/21982

#2 Updated by Marco Mambelli 5 months ago

  • Status changed from Feedback to Resolved

Added enforcement of absolute imports and merged.

#3 Updated by Marco Mambelli 5 months ago

  • Status changed from Resolved to Closed


Also available in: Atom PDF