[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
Re: [geclipse-dev] Creating VOMS proxy over 24 hours
|
Hi Nicholas,
> I am trying to create a VOMS authentication token for the g-Eclipse VO
> with validity in excess of 24 hours.
>
> While activating the token i get the following exception:
>
> eu.geclipse.core.auth.AuthenticationException: voms.grid.auth.gr:15010: The
> validity of this VOMS AC in your proxy is shortened to 86400 seconds!
> (code: 2)
yes, that is to be expected... there is a setting in the VOMS server limiting
the maximum credential lifetime you can get. The default is 24 hours (i could
try to change that if necessary)
> Now, if i try to create a VOMS proxy from a gLite-UI machine using the
> following:
>
> voms-proxy-init -hours 72 --voms geclipse
>
> the proxy is created without any problem with a validity of 72 hours.
uhm... very strange, are you sure the extensions also have the same validity
as the proxy? it might be that the voms-proxy-init command combines a 72h
proxy with a 24h voms-extension...
Oh yes... that is the case:
ariel@iwrui:~$ voms-proxy-info -all
subject : /O=GermanGrid/OU=FZK/CN=Ariel Garcia/CN=proxy
issuer : /O=GermanGrid/OU=FZK/CN=Ariel Garcia
identity : /O=GermanGrid/OU=FZK/CN=Ariel Garcia
type : proxy
strength : 512 bits
path : /tmp/x509up_u10109
timeleft : 71:59:52
=== VO geclipse extension information ===
VO : geclipse
subject : /O=GermanGrid/OU=FZK/CN=Ariel Garcia
issuer : /O=GermanGrid/OU=FZK/CN=host/dgrid-voms.fzk.de
attribute : /geclipse/Role=NULL/Capability=NULL
attribute : /geclipse/test/Role=NULL/Capability=NULL
timeleft : 11:59:52
see the different durations of the proxy and the extension?
Cheers, Ariel
