Oxana, Concerning X509 proxies accepted by VOMS servers : VOMS servers with version older than 2.0 only accept Globus proxies. After I fixed my PRIVATE version of the 'vomses' file, the 'voms-proxy-init' client presents a Globus proxy to my old VOMS server, receives a Globus proxy with VOMS extensions, then converts it to a RFC-compliant proxy with VOMS extensions (according to Vincenzo's mail to me on 08 April 2004). Some gLite commands accept RFC proxies, but the 'glite-wms-job-delegate-proxy' command requires Globus proxies (see log below). Anyway, the 'vomses' file, created by each VO manager, is installed 'as it' by system engineers, and best practices such as ITIL forbid us to require that each end user fixes the content of this file himself. These best practices require that each 'vomses' file must be fixed ONLY by its creator (the VO manager), and then deployed. $ cat $GLITE_LOCATION/etc/vomses/vo.lal.in2p3.fr-grid12.lal.in2p3.fr.vo.ncm-vomsclient "vo.lal.in2p3.fr" "grid12.lal.in2p3.fr" "20000" "/O=GRID-FR/C=FR/O=CNRS/OU=LAL/CN=grid12.lal.in2p3.fr" "vo.lal.in2p3.fr" $ perl -wpe 's/$/"2"/' $GLITE_LOCATION/etc/vomses/vo.lal.in2p3.fr-grid12.lal.in2p3.fr.vo.ncm-vomsclient

.glite/vomses/vo.lal.in2p3.fr-grid12.lal.in2p3.fr.vo.ncm-vomsclient

$ cat .glite/vomses/vo.lal.in2p3.fr-grid12.lal.in2p3.fr.vo.ncm-vomsclient "vo.lal.in2p3.fr" "grid12.lal.in2p3.fr" "20000" "/O=GRID-FR/C=FR/O=CNRS/OU=LAL/CN=grid12.lal.in2p3.fr" "vo.lal.in2p3.fr" "2" $ voms-proxy-init -rfc -voms vo.lal.in2p3.fr Enter GRID pass phrase: Your identity: /O=GRID-FR/C=FR/O=CNRS/OU=LAL/CN=Etienne Urbah Creating temporary proxy ...................................... Done Contacting grid12.lal.in2p3.fr:20000 [/O=GRID-FR/C=FR/O=CNRS/OU=LAL/CN=grid12.lal.in2p3.fr] "vo.lal.in2p3.fr" Done Creating proxy ......................... Done Your proxy is valid until Fri Apr 17 03:15:50 2009 $ glite-wms-job-status -v 0 https://grid02.lal.in2p3.fr:9000/Z7juBUd0MCegqWG6ONugCQ ************************************************************* BOOKKEEPING INFORMATION: Status info for the Job : https://grid02.lal.in2p3.fr:9000/Z7juBUd0MCegqWG6ONugCQ Current Status: Aborted ************************************************************* $ glite-wms-job-delegate-proxy -d rfc Connecting to the service https://node27.datagrid.cea.fr:7443/glite_wms_wmproxy_server Connection failed: SSL_ERROR_SSL error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown SSL connect failed in tcp_connect() Error code: SOAP-ENV:Client Best regards. ---------------------------------- Etienne URBAH IN2P3 - LAL Bat 200 91898 ORSAY France Tel: +33 1 64 46 84 87 Mob: +33 6 22 30 53 27 Skype: etienne.urbah mailto:urbah@lal.in2p3.fr ---------------------------------- On Thu, 16 Apr 2009, Oxana Smirnova wrote:

Hi Etienne,

...

X509 proxies accepted by VOMS servers ------------------------------------- I have tried to use a VOMS server with a RFC-3820-compliant X.509 proxy, but it failed : See http://forge.gridforum.org/sf/go/doc15591?nav=1

Can you confirm that VOMS servers only accept GSI-style X.509 proxies ?

I can show that VOMS servers and clients (recent enough) work fine with RFC-compliant proxies:

oxana@svalbard:~ > voms-proxy-init -version voms-proxy-init Version: 1.8.9 Compiled: Nov 19 2008 20:50:14 oxana@svalbard:~ > voms-proxy-init -voms knowarc.eu -rfc Cannot find file or dir: /etc/vomses Enter GRID pass phrase: Your identity: /O=Grid/O=NorduGrid/OU=hep.lu.se/CN=Oxana Smirnova Creating temporary proxy ....................................... Done Contacting arthur.hep.lu.se:15001 [/O=Grid/O=NorduGrid/CN=host/arthur.hep.lu.se] "knowarc.eu" Done Creating proxy ................................................................................................. Done Your proxy is valid until Thu Apr 16 15:49:56 2009

Cheers, Oxana