[AG-TECH]X509 CN, VenueServer configfile and profile

Thomas D. Uram turam at mcs.anl.gov
Mon Mar 14 16:15:09 CST 2005



West Suhanic wrote:
> Hi Thomas:
> 
> I have a few questions:
> 
> 1) What is the relationship between the CN embedded in the X509 certificate
> and the user ID running the VenueClient? I have had cases where, if the two
> differ, I get an authorization failure when trying to get into the VenueServer.

Each user has a certificate repository, and within that repo a default certificate that is 
used for running the venue client and other AG software.  I'm not sure what you mean when 
you say 'if the two differ'.  Can you clarify?

> 
> 2) How does one create a configfile for the VenueServer? Could I please have
> an example configfile?
> (I would like to create it without using an interface. Editing it with vi is
> preferable.)

The VenueServer will create a config file with defaults when it runs.  Most of the options 
are configurable using the VenueManagement application.  You can certainly edit with vi if 
you like, but you run the risk of invalidating the config file.

> 
> 3) How does one create a service profile? Could I please have an example
> service profile?
> (I would like to create it without using an interface. Editing it with vi is
> preferable.)
> 

A service profile can also be generated from within the software.  In 
CertificateManagement, if you select a service certificate, you can select "Export Service 
Profile" to generate a service profile file.  Here's a sample:

[ServiceProfile]
serviceType = BridgeService
cred = Cred

[Cred]
authType = x509
subject = /O=Access Grid/OU=agdev-ca.mcs.anl.gov/CN=BridgeService/munich.mcs.anl.gov

where the certificate is looked up in the certificate repository by subject.

An alternate form of the service profile specifies the location of the certificate and key 
files:

[ServiceProfile]
serviceType = VenueServer
cred = Cred

[Cred]
authType = x509
certfile = /sandbox/agtk.cvs/vv2/vv2-cert.pem
keyfile = /sandbox/agtk.cvs/vv2/vv2-key.pem


You can then start the venue server (or bridge server, etc.) with a '--profile' argument.

VenueServer.py --profile VenueServer.profile
(VenueServer.profile must reside in ~/.AccessGrid/Services)

VenueServer.py --profile /path/to/VenueServer.profile
(explicit path to VenueServer.profile file)


I've also added these details to the user documentation pages of the AG website.


Tom
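
Added example, not part of the message above and not AGTK code: a Python check for a hand-edited service profile in either of the two forms shown, run before passing the file to '--profile'. The function name check_service_profile, the validation rules and the owner-only permission check on the key file are assumptions made for this example.

```python
import configparser
import os
import stat

# Sample copied from the message above (subject form).
SAMPLE_PROFILE = """[ServiceProfile]
serviceType = BridgeService
cred = Cred

[Cred]
authType = x509
subject = /O=Access Grid/OU=agdev-ca.mcs.anl.gov/CN=BridgeService/munich.mcs.anl.gov
"""

def check_service_profile(text, check_files=False):
    """Return (form, problems); form is 'subject', 'files' or None.
    The rules are assumptions drawn from the two samples, not AGTK's parser."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case as written (serviceType, authType)
    try:
        cp.read_string(text)
    except configparser.Error as exc:
        return None, ["not parseable: %s" % exc]
    if not cp.has_section("ServiceProfile"):
        return None, ["missing [ServiceProfile] section"]
    prof, problems = cp["ServiceProfile"], []
    if not prof.get("serviceType"):
        problems.append("serviceType not set")
    if not prof.get("cred") or not cp.has_section(prof["cred"]):
        return None, problems + ["cred does not name an existing section"]
    cred = cp[prof["cred"]]
    if cred.get("authType") != "x509":
        problems.append("authType is not x509")
    if "subject" in cred:  # certificate is looked up in the repository by subject
        return "subject", problems
    for key in ("certfile", "keyfile"):
        if key not in cred:
            problems.append("%s missing" % key)
        elif check_files and not os.path.isfile(cred[key]):
            problems.append("%s not found: %s" % (key, cred[key]))
    if check_files and os.path.isfile(cred.get("keyfile", "")):
        mode = stat.S_IMODE(os.stat(cred["keyfile"]).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):  # added check: owner-only key
            problems.append("keyfile accessible to group/other (mode %o)" % mode)
    return "files", problems

if __name__ == "__main__":
    print(check_service_profile(SAMPLE_PROFILE))
```

With check_files=True the certfile and keyfile paths are also checked on disk, so run it as the account that will start the server.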




