[gt-user] Re: problem in voms-proxy-init

Vincenzo Ciaschini Thu, 18 Sep 2008 08:54:51 -0700

arpit jain wrote:

hiii


Thanks a TON!!!!!!!!!!!!!
So you mean if I want to specify multiple Roles then I have to use VOMS
Version 1.7 or less because I guess I can specify multiple Roles with
version below 1.7 or less.
Please correct me if I am wrong.

Yes.  Or you can use voms 1.8 as soon as the certification succeeds.

Multiple roles are supported in all versions of VOMS, but are subject toa bug in the most recent released version. This bug has been fixed, andthe next version out of certification will once again fully supportmultiple roles.


Ciao,
   Vincenzo


Thanks once again
Arpit

On Thu, Sep 18, 2008 at 8:52 PM, Vincenzo Ciaschini <
[EMAIL PROTECTED]> wrote:

This bug:
https://savannah.cern.ch/bugs/?39625

Currently undergoing certification.

Ciao,
  Vincenzo


arpit jain wrote:

Hii

I just went through the Server log and it is like that:

*Thu Sep 18 20:22:23 2008:192.168.61.197:vomsd[25331]:
msg="LOG_INFO:STARTUP:Listen (Server.cpp:361):Received connection from:
192.168.63.92:30360."
Thu Sep 18 20:22:23 2008:192.168.61.197:vomsd[25331]:
msg="LOG_INFO:REQUEST:Run (vomsd.cc:598):Starting Executor with pid =
25349"
Thu Sep 18 20:22:23 2008:192.168.61.197:vomsd[25349]:
msg="LOG_INFO:REQUEST:Run (vomsd.cc:610):Self    : /C=IN/O=C-DAC KP
Bangalore/OU=CTSF/CN=host/vipulb.cdacb.ernet.in"
Thu Sep 18 20:22:23 2008:192.168.61.197:vomsd[25349]:
msg="LOG_INFO:REQUEST:Run (vomsd.cc:611):Self CA : /C=IN/O=C-DAC KP
Bangalore/OU=CTSF/CN=C-DAC KP CA"
Thu Sep 18 20:22:23 2008:192.168.61.197:vomsd[25349]:
msg="LOG_INFO:REQUEST:Run (vomsd.cc:618):At: Thu Sep 18 20:22:23 2008.
Received Contact :"
Thu Sep 18 20:22:23 2008:192.168.61.197:vomsd[25349]:
msg="LOG_INFO:REQUEST:Run (vomsd.cc:619): user: /C=IN/O=C-DAC KP
Bangalore/OU=CTSF/OU=ctsf.cdac.org.in/CN=Shamjith K V"
Thu Sep 18 20:22:23 2008:192.168.61.197:vomsd[25349]:
msg="LOG_INFO:REQUEST:Run (vomsd.cc:620): ca  : /C=IN/O=C-DAC KP
Bangalore/OU=CTSF/CN=C-DAC KP CA"
Thu Sep 18 20:22:23 2008:192.168.61.197:vomsd[25349]:
msg="LOG_INFO:REQUEST:Run (vomsd.cc:621): serial: 0183"
Thu Sep 18 20:22:23 2008:192.168.61.197:vomsd[25349]:
msg="LOG_ERROR:STARTUP:my_recv (globuswrap.c:112):trueres = 1."
Thu Sep 18 20:22:23 2008:192.168.61.197:vomsd[25349]:
msg="LOG_ERROR:STARTUP:my_recv (globuswrap.c:112):trueres = 1."
Thu Sep 18 20:22:23 2008:192.168.61.197:vomsd[25349]:
msg="LOG_INFO:REQUEST:Execute (vomsd.cc:740):Userid = "4""
Thu Sep 18 20:22:23 2008:192.168.61.197:vomsd[25349]:
msg="LOG_INFO:REQUEST:Execute (vomsd.cc:749):Next command :
B/trial:Normal-user"
Thu Sep 18 20:22:23 2008:192.168.61.197:vomsd[25349]:
msg="LOG_INFO:RESULT:Execute (vomsd.cc:970):Request Result: /trial"
Thu Sep 18 20:22:23 2008:192.168.61.197:vomsd[25349]:
msg="LOG_INFO:RESULT:Execute (vomsd.cc:970):Request Result:
/trial/Role=Normal-user"*

As you can see in the last few lines the server is just accepting the
"Normal-user" role and it is not accepting the second role from user.

What can be the possible reason??

Thanks
Arpit


On Thu, Sep 18, 2008 at 8:04 PM, arpit jain <[EMAIL PROTECTED]>
wrote:

 hiii..

My DB is perfectly up-to-date and it is showing 2 roles for that
particular
user but due to some unknown reason I am not getting those 2 roles in
Proxy.

Did u find anything wrong in the output of "voms-proy-init" which I
mailed
you earlier???
I saw a thread posted by you  regarding the same problem in which you
asked
to check the version of  "VOMS" and then you asked to restart  the VOMS
-Core service. I restarted the Service many times but to no effect and
the
output of

[*opt/glite/sbin]./voms -version
voms
Version: 1.8.3
Compiled: May 13 2008 18:35:09

*Thanks
Arpit
*

*


On Thu, Sep 18, 2008 at 7:55 PM, Vincenzo Ciaschini <
[EMAIL PROTECTED]> wrote:

 arpit jain wrote:

 On Thu, Sep 18, 2008 at 7:25 PM, Vincenzo Ciaschini <

[EMAIL PROTECTED]> wrote:

 arpit jain wrote:

Hii

The reason for using non-standard location for certificate is that I
am
using proxy certificate given by MYPROXY Server which gets created in
/tmp/x509_u**** instead of globus certificate i.e. usercert.pem.

The location of vomses file is also non-standard because I have
VOMS-client
i.e. (voms-proxy-init) installed in my HOME directory instead of
/opt/glite/.

Any other possible reason for not getting the desired result??

 What do you *exactly* have in your DB?

*I have Normal-user in my Database so thats not at all a problem.*

 What is the *exact* output of voms-proxy-init?

*Output of voms-proxy-init:

voms-proxy-init -debug  --voms trial:/trial/Role=Normal-user --voms
trial:/trial/Role=Developer -out vomsproxy -cert /tmp/x509up_u8085
-vomses
/home/tools/shamjit/vomsclient/vomses

Detected Globus version: 22
Unspecified proxy version, settling on Globus version: 2
Number of bits in key :512
Using configuration file /home/tools/shamjit/vomsclient/vomses
Files being used:
 CA certificate file: none
 Trusted certificates directory : /etc/grid-security/certificates
 Proxy certificate file : vomsproxy
 User certificate file: /tmp/x509up_u8085
 User key file: /tmp/x509up_u8085
Output to vomsproxy
Your identity: /C=IN/O=C-DAC KP Bangalore/OU=CTSF/OU=
ctsf.cdac.org.in/CN=Shamjith K V/CN=proxy/CN=proxy/CN=proxy
Using configuration file /home/tools/shamjit/vomsclient/vomses
Using configuration file /home/tools/shamjit/vomsclient/vomses
Creating temporary proxy to /tmp/tmp_x509up_u8085_29377
.................++++++++++++
.........++++++++++++
 Done
Contacting  192.168.61.197:15000 [/C=IN/O=C-DAC KP
Bangalore/OU=CTSF/CN=host/vipulb.cdacb.ernet.in] "trial" Done
Creating proxy to vomsproxy .......................++++++++++++
................++++++++++++
 Done

Warning: your certificate and proxy will expire Thu Sep 18 21:55:21
2008
which is within the requested lifetime of the proxy*


 Remember that group and role names are case sensitive.

Are you sure the role name is Normal-user ad opposed to, for example,
Normal-User?

*I want to know which table in DB  associate a  User with its ROLE?????

 The 'groups', 'roles', 'm' and 'usr' tables contain the important

data.

Ciao,
 Vincenzo

 *Thanks

Arpit*
*


 Ciao,

 Vincenzo


 Thanks

Arpit

2008/9/18 Fabian Lambert <[EMAIL PROTECTED]>

 Hi,

 It is strange because this command work for me...

Why are you using the -cert parameter, do you store your certificate
in a
non standard location ? Usually, your X509 certificate should be
under
~/.globus directory.
Same question for -vomses, you should have some default
configuration
file,
you don't need to specify them.

Maybe should you try only (to use the default configuration...)
voms-proxy-init -debug --voms trial:/trial/Role=Developer --voms
trial:/trial/Role=Normal-user -out vomsproxy

On my side I tried this with my VO
voms-proxy-init --voms atlas:/atlas/Role=AMIManager --voms
atlas:/atlas/Role=AMIWriter -debug -out vomsproxy

I got (after typing my passphrase), a file vomsproxy

If I do then a
voms-proxy-info -file vomsproxy --all

I get

subject   : <myDN>/CN=proxy
issuer    : <myDN>
identity  : <myDN>
type      : proxy
strength  : 512 bits
path      : vomsproxy
timeleft  : 11:59:21
=== VO atlas extension information ===
VO        : atlas
subject   : <myDN>
issuer    : /DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch
attribute : /atlas/Role=AMIManager/Capability=NULL
attribute : /atlas/Role=NULL/Capability=NULL
attribute : /atlas/lcg1/Role=NULL/Capability=NULL
attribute : /atlas/fr/Role=NULL/Capability=NULL
attribute : /atlas/Role=AMIWriter/Capability=NULL


with my two roles.


arpit jain a écrit :

 Hii

 I tried giving the command the way you suggested:

*
voms-proxy-init -debug  -cert /tmp/x509up_u8085  -out vomsproxy
-vomses
/home/tools/shamjit/vomsclient/vomses --voms
trial:/trial/Role=Developer
--voms trial:/trial/Role=Normal-user

* but still I am gettting only 1 role i.e. Developer (or watever I
specify
 first in the command).

Thanks
Arpit
*
*
2008/9/18 Fabian Lambert <[EMAIL PROTECTED] <mailto:
[EMAIL PROTECTED]>>


 Hi Arpit,

 Try

 voms-proxy-init --voms trial:/trial/Role=Developer --voms
 /trial/Role=Normal-user

 and you should get the 2 roles in your VOMS proxy.

 Cheers

 Vincenzo Ciaschini a écrit :

    arpit jain wrote:

        Hii,

        I have assigned 2 roles (Developer and Normal-user) to my
        user and now i want multiple roles in my VOMS-proxy
        certificate using "voms-proxy-init", but I am getting only
        one Role. I am giving the below command:

        *voms-proxy-init -debug  --voms
        trial:/trial/Role=Developer --order /trial/Role=Developer
        --order /trial/Role=Normal-user -cert /tmp/x509up_u8085
         -out vomsproxy -vomses
/home/tools/shamjit/vomsclient/vomses

        The above command works fine but I get only 1 role i.e.
        Developer in my proxy certifcate.

        *Can someone suggest where I am wrong??

    There is no --voms:/trial/Role=Normal-user in the command line.

    Ciao,
     Vincenzo



        Thanks
        Arpit

[gt-user] Re: problem in voms-proxy-init

Reply via email to