On Thu, Aug 14, 2008 at 3:03 AM, arpit jain <[EMAIL PROTECTED]> wrote: > > I have issued following voms-proxy-init: > voms-proxy-init --voms test_vo_mysql:/test_vo_mysql/Role=VO-Admin > > Is there any way to specify attribute "ID" in the "voms-proxy-init" command?
I'm no VOMS expert, so I'll have to defer to someone else, but I believe VOMS is limited to fully qualified attribute names (FQANs) of the form: /vo-name/group-name/Role=some-role/Capability=some-capability where the group-name is optional, and some-role and some-capability may be NULL. > I think if I specify "ID" in the "voms-proxy-init" command, then only PIP > will read it. Why speculate? Just do it and see what happens. > I have put following lines in Policy file: > /test_vo_mysql/Role=VO-Admin > /test_vo_mysql/ID=105 This should be very easy to test. Just specify the latter attribute in the voms-proxy-init command and see if it works. > I guess it is reading the PolicyFile correctly but not using the attributes > "ID" defined in it to authorize. The voms-proxy-init command and the logs you posted indicated there was no ID attribute in the VOMS proxy, so in that sense the software is doing exactly what it's supposed to do. > I think PIP is taking only > "/test_vo_mysql/Role=VOAdmin" FQAN from proxy? It is not taking the > attribute "ID". The FQAN listed above is the only attribute in the VOMS proxy, there was no ID attribute that I could see. > Any idea how to do that? Specify the ID attribute on the voms-proxy-init command line and rerun the entire experiment. Good luck, Tom
