VOMS proxy time limited and how to request an extension
From GridPP Wiki
Revision as of 09:26, 20 May 2014 by Tom Whyntie a4af2b64d8 (Talk | contribs)
For security reason, it was agreed by JSPG and all VOs to limit the proxy lifetime to 24 hours for all VOs, both at the authentication and at the authorization level. The proxy renewal functionality is available in the glite WMS and FTS services. The standard gLite renewal mechanism can be used to support long-term operations. Grid middleware, whenever possible, should make use of approved services like MyProxy server to store long-lived proxy.
- Using myproxy
$ voms-proxy-init --voms [vo] Enter GRID pass phrase for this identity: [confirmation messages] Remote VOMS server contacted succesfully. Created proxy in [location]. Your proxy is valid until [date and time] $ myproxy-init -d -n Your identity: [your DN] Enter GRID pass phrase for this identity: Creating proxy ........................................................................................................... Done Proxy Verify OK Your proxy is valid until: [date and time] A proxy valid for 168 hours (7.0 days) for user [your DN] now exists on myproxy.gridpp.rl.ac.uk # <- should be this for UK users...
Documentation on using myproxy can be found at:
http://www.gridpp.ac.uk/deployment/users/gridsite-admin.cgi?cmd=print&file=myproxy.html
- (PROBABLY OUT OF DATE) If your VO's users experience specific difficulty with 24 hours proxy and need a TEMPORARY extension of the proxy lifetime (more than 24 hours), the relevant VO manager(s) MUST follow the OSCT opertional noticeto make a request.
- (PROBABLY OUT OF DATE) An example of such request can be found in GGUS (GGUS Ticket-ID: 29502): Request for VOMS proxy extension COMPASSIT VO