Difference: NotesAboutMyProxy-EMI-2-SL6 (2 vs. 3)

Revision 32012-06-21 - PaoloVeronesi

Line: 1 to 1
 
META TOPICPARENT name="WebHome"

Notes about Installation and Configuration of a MyProxy server - EMI-2 - SL6 x86_64

  • These notes are provided by site admins on a best effort base as a contribution to the IGI communities and MUST not be considered as a subsitute of the Official IGI documentation.
Line: 348 to 348
 The secondary server should only accept credentials from the primary server, so a user will never be able to store directly to a secondary and cause an inconsistency in the repository. User interaction with secondary servers is limited to myproxy-logon and myproxy-retrieve. All other commands must be performed via the primary. In normal operation, all commands should be sent to the primary, and users should not need to know about servers running as secondary machines. Secondary servers should only be accessed by clients when the primary is unreachable. In order to limit credential storage on the secondary to only the primary server, the value of accepted_credentials must be set to the DN of the primary. All other myproxy-server.config values should be set as they are on the primary. It is simplest and safest to copy the myproxy-server.config file from the primary to the secondary and change the value of accepted_credentials. The following shows a simple secondary configuration. Only the primary MyProxy server on myproxy.cnaf.infn.it is allowed to modify the credentials in the repository of the secondary.
# cat /etc/myproxy-server.config 
Changed:
<
<
accepted_credentials "/C=IT/O=INFN/OU=Host/L=CNAF/CN=myproxy.cnaf.infn.it"
>
>
accepted_credentials "'/C=IT/O=INFN/OU=Host/L=CNAF/CN=myproxy01.cnaf.infn.it', '/C=IT/O=INFN/OU=Host/L=CNAF/CN=myproxy02.cnaf.infn.it'"
 authorized_retrievers "*" default_retrievers "*" authorized_renewers "*"
 
This site is powered by the TWiki collaboration platformCopyright © 2008-2020 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback