Re: MyProxy and GridPort Toolkit


Hi Jenny,

My apologies, this should be documented in Gridport. The Gridport 
support of
Myproxy is still a bit new, however.

What I'd try is commenting out the first authorized retrievers, and
just leaving the 2nd one.

So comment back out
> authorized_retrievers "/C=CA/O=Grid/*"

and leave

authorized_retrievers "*"

steve


On Friday, March 14, 2003, at 04:38 PM, Jenny Allan wrote:

>
> I have set up MyProxy as a server and a client. I'm now trying to 
> install
> the GridPort Toolkit. When I do a test (make test TEST_VERBOSE=1, in 
> the
> Gridport/Cog directory) there are problems because it says:
>
> error is: ERROR from server: "<anonymous>" not authorized by server's
> default retriever policy.
>
> Does anyone know what I have to change in the
> $GLOBUS_LOCATION/etc/myproxy-server.config file, so that the default 
> can
> authorize anonymous returns. I know how to set this manually at a 
> prompt
> when you do myproxy-init (it's the -a option) but I don't know to pass
> that option in the GridPort scripts.
>
> Thanks
>
> I've included the retrievers part of my myproxy-server.config file, 
> what
> part needs to be changed?
>
> # Authorized Retrievers
> #
> # Who is authorized to retrieve credentials from the repository?
> #
> # Allow only trusted Alliance web portals with a valid Myproxy
> # passphrase to retrieve credentials, thereby discouraging users from
> # giving out their Myproxy passphrase to untrusted sites and limiting
> # the vulnerability of the credentials stored on the Myproxy server.
> # Note: NCSA doesn't audit sites with portal certificates.
> #authorized_retrievers "/C=US/O=National Computational Science
> Alliance/CN=portal/*"
> #
> # Added by jjallan/march12.2003
> #authorized_retrievers "/C=CA/O=Grid/CN=portal/*"
> authorized_retrievers "/C=CA/O=Grid/*"
>
> # Allow any client, including anonymous clients, with a valid MyProxy
> # passphrase to retrieve credentials.  This is the recommended
> # setting, as it gives users the flexibility to set their own policies
> # on their credentials.
> # Added by jjallan/march13.2003
> authorized_retrievers "*"
>
> #
> # Default Retrievers
> #
> # If a user doesn't set a retrieval policy with the credential on
> # upload, apply the following policy.
> #default_retrievers "/C=US/O=National Computational Science 
> Alliance/CN=portal/*"
> #default_retrievers "/C=CA/O=Grid/CN=portal/*"
> default_retrievers "*"
> #
>
> Jenny
> Grid Canada



Other Mailing lists | Author Index | Date Index | Subject Index | Thread Index