Hi Joseph: I would favor the anonymous cert. That way, a user could use the cd without needing a passphrase.
As of yesterday, the transitional venue server is allowing anonymous users to enter. You would need to include the anonymous ca cert in the iso, also; let me know if you need the ca cert files. Nice job! Tom Joseph wrote: > Hi > > Thanks to the fact pointed by Thomas, I've found where was the trouble > and AccessGrid works now as required. Thanks a lot. > > For the issue of which certificate to install, what about an Identity > Certificate for a user named Knoppix ? The passphrase would be given > with the bootable live cd so everyone could try AccessGrid at home > easily. The email would be something like knoppix_at_vislab... It would > only mean than we don't really know who's behind the user named knoppix > and that the multiple users knoppix could be connected at the same > time. However, we would already know that it is someone with a bootable > live cd who is connected. So, do you agree to do it this way ? > > Otherwise, if the option of the Anonymous certificate is choosen, it > would be great that each lobby allows some rooms to be used by the > people with anonymous certificate. It would however require some people > to work on theirs lobbys' configuration and it may take some time. > > So, what do you think of it finally ? > > The iso of this knoppix will be avalaible to download as soon as we > have resolved the issue of which certificate to install. > > Cheers, > Joseph > > > On Wed, 04 Aug 2004 09:31:30 -0500, Thomas D. Uram <tu...@mcs.anl.gov> > wrote: > >> Joseph: >> >> This line in the log: >> >> 08/03/04 23:26:03 16384 CertificateRepository >> CertificateRepository.py:1110 DEBUG No private key dir found at >> /home/knoppix/.AccessGrid/Config/certRepo/privatekeys/cd4b90014aaa7a0d58ffbc87591b1a52.pem >> >> >> >> makes me think that the private key does not exist properly in the >> cert repo. Could you start certmgr.py and 'show' this certificate, >> to see details of the cert and private key? It could be that there >> is a problem with the cert repo before you put it on the cd. >> >> Where is '/tmp' defined when you boot from your knoppix cd? On a ram >> disk? >> >> Tom >> >> >> Joseph wrote: >> >>> Hi >>> <snip> >>> >>>> We should look at the log files (or debug output) to understand why >>>> it's failing to use the certificate. >>> >>> Here is a debug output (joined to this mail), I hope it will help >>> you ! I have commented it a little bit. >>> BTW, the content of the error message is : >>> Private key is not available for this certificate : >>> /O=Access Grid/OU=agdev-ca.mcs.anl.gov/OU=<snip>/CN=<snip> >>> You will have to reimport or otherwise obtain a new copy. >>> (What did I do ? I have copied an existing /home/user/.AccessGrid >>> folder, of an user with a valid certificate, into the >>> /home/user/.AccessGrid of my iso, before burning it. Then after >>> burning, I have launched VenueClient.py --personalNode). >>> <snip> >>> >>>> Do multiple users log in, or just one? If there is a generic user, >>>> you should be able to create a .AccessGrid directory for that user >>>> with an anonymous certificate (we issue these now), and have >>>> everything work fine. >>> >>> The trouble is that anonymous certificates prevent often from >>> connecting to some Venue, like the Asian Pacific one for example. >>> So it's exactly appropriate. >>> Thanks all for your help >>> Cheers, >>> Joseph > > > >
