Difference between revisions of "LFC Certificates"

From GridPP Wiki
Jump to: navigation, search
 
 
Line 8: Line 8:
  
 
If you later update the host certificate, you ''must'' make a new copy of the certificate for <tt>lfcmgr</tt> with the permissions above.
 
If you later update the host certificate, you ''must'' make a new copy of the certificate for <tt>lfcmgr</tt> with the permissions above.
 +
 +
<tt>Additional notes:</tt>
 +
 +
* The official documentation is at https://svnweb.cern.ch/trac/lcgdm/wiki/Lfc
 +
* You need to restart then the lfcdaemon ( and lcf-dli if you are still running it)
 +
* In case you have also an http interface for the LFC, you need to restart httpd as well
 +
  
 
[[Category: LFC]]
 
[[Category: LFC]]

Latest revision as of 10:50, 6 February 2017

For the LCG File Catalog to function correctly, it needs to be able to present a valid host certificate. As LFC daemon runs as a non privileged user (a good thing!) a copy of the certificate needs to be made that the lfcmgr user can read.

This certificate is copied by YAIM at install time to /etc/grid-security/lfcmgr/

 # ls -l /etc/grid-security/lfcmgr
 -r--r--r--    1 lfcmgr   lfcmgr       2216 Jul 25 13:28 lfccert.pem
 -r--------    1 lfcmgr   lfcmgr       3340 Jul 25 13:28 lfckey.pem

If you later update the host certificate, you must make a new copy of the certificate for lfcmgr with the permissions above.

Additional notes:

  • The official documentation is at https://svnweb.cern.ch/trac/lcgdm/wiki/Lfc
  • You need to restart then the lfcdaemon ( and lcf-dli if you are still running it)
  • In case you have also an http interface for the LFC, you need to restart httpd as well