Charles Bacon wrote:
> Jim, do you have any opinion about the merits of running as root vs. globus? The other solution would have been to make root run the myproxy-admin-adduser commands, but then root also has to be the one who sets up the simpleCA, which seemed suboptimal to me.

I agree that running the myproxy-server as globus makes sense for the quickstart. I assume you've worked out the details of how the hostcert and hostkey need to be set up in this case. For the record, I recommend that production myproxy-server deployments run on a dedicated server with no other services running to provide the maximum isolation against attacks. Since the myproxy-server holds private keys, it's important that it be particularly well-protected. But, for the purposes of the quickstart, I think your approach is a good one, and I hope MyProxy makes the quickstart process work more smoothly. (And any suggestions on how we can improve MyProxy are most welcome.)

-Jim
