Add LSC files to the vomses distribution



Freshdesk Tickets



Alain Roy
July 25, 2011, 9:39 PM

The .lsc file looks good to me--check it out yourself. It's a straightforward file with the DN of host and the DN of the CA.

It's interesting that it says "Using configuration file /home/dweitzel/.glite/vomses". Do you really have one there? Is it valid?

I did use osgedu instead of hcc (since I'm not in hcc). That certainly could account for the difference. So I went ahead and added you to the osgedu VO--can you give it a try with it?

Derek Weitzel
July 25, 2011, 11:37 PM

Yep, worked with osgedu, but not with HCC. What is wrong with our voms? Is it because we have a hyphen?

Very odd...

Brian Bockelman
July 26, 2011, 12:07 AM

Here's the extended attributes I was issued from the HCC VOMS server:

[brian@brian-test ~]$ voms-proxy-info -all
subject : /DC=org/DC=doegrids/OU=People/CN=Brian Bockelman 504307/CN=proxy
issuer : /DC=org/DC=doegrids/OU=People/CN=Brian Bockelman 504307
identity : /DC=org/DC=doegrids/OU=People/CN=Brian Bockelman 504307
type : proxy
strength : 1024 bits
path : /tmp/x509up_u502
timeleft : 11:58:00
key usage : Digital Signature, Key Encipherment, Data Encipherment
=== VO hcc extension information ===
VO : hcc
subject : /DC=org/DC=doegrids/OU=People/CN=Brian Bockelman 504307
issuer : /DC=org/DC=doegrids/OU=Services/CN=http/
attribute : /hcc/Role=NULL/Capability=NULL
timeleft : 12:09:44
uri : hcc-voms:15000

So - it appears there's about a 10 minute clock skew on hcc-voms. Also, the "uri" appears as "hcc-voms" instead of "". If you purposely skew the clock on the client host and symlink to have a file named "hcc-voms.lsc", the certificate is successfully verified.

I believe both issues are errors on the HCC side. The LSC files work with the CMS VOMS server.

Derek Weitzel
July 26, 2011, 2:00 PM

I can confirm. The changes to hcc voms worked.

Alain Roy
November 14, 2011, 5:32 PM

The LSC files have been distributed for a while. Closing ticket.


Igor sfiligoi


Alain Roy