LFC Certificates

From GridPP Wiki
Jump to: navigation, search

For the LCG File Catalog to function correctly, it needs to be able to present a valid host certificate. As LFC daemon runs as a non privileged user (a good thing!) a copy of the certificate needs to be made that the lfcmgr user can read.

This certificate is copied by YAIM at install time to /etc/grid-security/lfcmgr/

 # ls -l /etc/grid-security/lfcmgr
 -r--r--r--    1 lfcmgr   lfcmgr       2216 Jul 25 13:28 lfccert.pem
 -r--------    1 lfcmgr   lfcmgr       3340 Jul 25 13:28 lfckey.pem

If you later update the host certificate, you must make a new copy of the certificate for lfcmgr with the permissions above.

Additional notes:

  • The official documentation is at https://svnweb.cern.ch/trac/lcgdm/wiki/Lfc
  • You need to restart then the lfcdaemon ( and lcf-dli if you are still running it)
  • In case you have also an http interface for the LFC, you need to restart httpd as well