Hi Etienne, Etienne URBAH wrote:
Still to be verified is that VOMS servers only accept GSI-style X509 proxies http://forge.gridforum.org/sf/go/doc15591?nav=1 VOMS accepts and generates both type of proxies. However, there is a caveat, which explains the failures you get:
Pre VOMS 2.0: Server-side, VOMS uses GSI for validation. This means that if you run voms against gt2, contacting it with a gt4 proxy will fail. There is a final argument in the vomses file which specifies which version of GT the service uses, and adapts the proxies used to contact it accordingly. Many VOs distribute an incorrect vomses file. The final proxy obtained as output by voms-proxy-init will always be what you requested, in this case a rfc proxy. VOMS 2.0 onwards: Globus dependencies on the server will be dropped too (They are corrently removed from both the clients and the APIs). This will mean that any kind of proxy, or even a bare certificate, will become acceptable for contacting the service. The whole vomses config business above will no longer be relevant. VOMS 2.0 is due to be out during autumn this year. Ciao, Vincenzo