Hi again Jan, thanks for looking into this. I confirm that it works for me too. All the best.
Matteo > On 26 Jun 2015, at 14:04, Jan Just Keijser <[email protected]> wrote: > > Hi all, > > On 24/06/15 18:02, Basney, Jim wrote: >> I agree. MyProxy offers 3 options for adding VOMS attributes to the >> credential: >> >> 1. adding the VOMS attributes via myproxy-init by calling voms-proxy-init >> 2. adding the VOMS attributes via myproxy-server using the VOMS APIs >> (as requested by myproxy-logon -m) >> 3. adding the VOMS attributes via myproxy-logon by calling voms-proxy-init >> >> If I understand correctly, the problem is that option #2 is not working in >> GT 6.0, so myproxy-logon is trying option #3 as a fall-back, but we want >> to get option #2 working again. Of the 3 options, only option #2 requires >> linking with the VOMS libraries, because options #1 and #3 just call >> voms-proxy-init. As Matteo explains, the nice thing about option #2 is it >> doesn't require a client-side VOMS install. >> >> I'm working on re-establishing my VOMS test environment so I can help >> further with the diagnosis. Thanks Matteo for confirming that the problem >> is with all GT 6.0 versions but not with GT 5.2.4 and GT 5.2.5. That >> should help in finding the cause. >> > ah, I didn't know about feature #2 : quite nice&interesting! > And yes, I can reproduce it with GT 6 as well; after some digging I found > that the problem is caused by the 'configure' script for the myproxy code: > when checking for 'globus_gsi_proxy_handle_set_extensions' it cannot find the > library libglobus_gsi_proxy_core and thus disables support for this (#undef > HAVE_GLOBUS_GSI_PROXY_HANDLE_SET_EXTENSIONS) > This causes myproxy to not add *any* extensions to delegated proxies (see > ssl_utils.c, lines 1708-1720) , including the voms extensions. > If you rerun the myproxy 'configure' script > LDFLAGS="-L/usr/local/globus-6/lib" ./configure .... > then it picks up 'globus_gsi_proxy_handle_set_extensions' just fine and the > problem is resolved. > > HTH, > > JJK / Jan Just Keijser > Nikhef > Amsterdam > >> On 6/24/15, 10:34 AM, [email protected] on behalf of >> Lanati, Matteo wrote: >>> Hi Jan, >>> >>> I see your point (upload a VOMS enabled proxy, generated locally), but I >>> want to store on MyProxy a plain proxy (without signature) and retrieve a >>> credential with a VO extension. It's MyProxy that should contact the VOMS >>> server to get the signature. The goal is to avoid to install (and >>> configure) the VOMS utils on the client, since it is a tedious task. >>> >>> I think that when I do a "myproxy-logon -m esr", myproxy-logon realises >>> that it received a proxy without the signature, then it tries to add it >>> looking for voms-proxy-init, as a fallback. I want MyProxy to do the >>> dirty work for me and for my users ;-) . It used to work on GT >>> 5.2.4/5.2.5. As explained by Jim in the previous mail, something changed >>> in the meanwhile. >>> >>> All the best, >>> >>> Matteo >>> >>> >>> >>>> On 24 Jun 2015, at 17:11, Jan Just Keijser <[email protected]> wrote: >>>> >>>> Hi, >>>> >>>> the error is on the client side: >>>> >>>> Enter MyProxy pass phrase: >>>> failed to run voms-proxy-init: No such file or directory >>>> A credential has been received for user Š >>>> >>>> >>>> when you run >>>> myproxy-logon -m esr >>>> the myproxy-logon command tries to launch 'voms-proxy-init -voms esr >>>> .....' and it fails to find voms-proxy-init. >>>> >>>> FWIW: >>>> I've download globus_toolkit-6.0.1433516164, built myproxy with voms >>>> support and launched a MyProxy server. It listed VOMS supported, and >>>> indeed, when I upload a vomsified proxy to it the proxy is stored. >>>> Delegated proxies (e.g. run 'myproxy-get-delegation' without listing a >>>> voms server) included the VOMS info from the original upload. >>>> >>>> > Matteo Lanati Distributed Resources Group Leibniz-Rechenzentrum (LRZ) Boltzmannstrasse 1 85748 Garching b. München (Germany) Phone: +49 89 35831 8724
