[AG-TECH] X509 CN, VenueServer configfile and profile
Thomas D. Uram
turam at mcs.anl.gov
Mon Mar 14 16:15:09 CST 2005
West Suhanic wrote:
> Hi Thomas:
>
> I have a few questions:
>
> 1) What is the relationship between the CN embedded in the X509 certificate
> and the user ID running the VenueClient? I have had cases where if the two differ
> I get an authorization failure when trying to get into the VenueServer.
Each user has a certificate repository, and within that repo a default certificate that is
used for running the venue client and other AG software. I'm not sure what you mean when
you say 'if the two differ'. Can you clarify?
>
> 2) How does one create a configfile for the VenueServer? Could I please have
> an example configfile?
> (I would like to create it without using an interface. Editing it with vi is
> preferable.)
The VenueServer will create a config file with defaults when it runs. Most of the options
are configurable using the VenueManagement application. You can certainly edit with vi if
you like, but you run the risk of invalidating the config file.
>
> 3) How does one create a service profile? Could I please have an example
> service profile?
> (I would like to create it without using an interface. Editing it with vi is
> preferable.)
>
A service profile can also be generated from within the software. In
CertificateManagement, if you select a service certificate, you can select "Export Service
Profile" to generate a service profile file. Here's a sample:
[ServiceProfile]
serviceType = BridgeService
cred = Cred
[Cred]
authType = x509
subject = /O=Access Grid/OU=agdev-ca.mcs.anl.gov/CN=BridgeService/munich.mcs.anl.gov
where the certificate is looked up in the certificate repository by subject.
An alternate form of the service profile specifies the location of the certificate and key
files:
[ServiceProfile]
serviceType = VenueServer
cred = Cred
[Cred]
authType = x509
certfile = /sandbox/agtk.cvs/vv2/vv2-cert.pem
keyfile = /sandbox/agtk.cvs/vv2/vv2-key.pem
You can then start the venue server (or bridge server, etc.) with a '--profile' argument.
VenueServer.py --profile VenueServer.profile
(VenueServer.profile must reside in ~/.AccessGrid/Services)
VenueServer.py --profile /path/to/VenueServer.profile
(explicit path to VenueServer.profile file)
I've also added these details to the user documentation pages of the AG website.
Tom
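Added example, not code from the original post or from the Access Grid toolkit: a small Python reader for the two service-profile forms shown above. It resolves the [Cred] section named by "cred", rejects profiles that mix or half-specify the subject and certfile/keyfile forms, and, for the file form, reports whether the key file carries any group/other permission bits. The sample profiles and the temporary cert/key files are constructed here, not real credentials.

```python
import configparser, os, stat, tempfile
# Constructed samples mirroring the two profile forms shown in the message above.
SUBJECT_FORM = """[ServiceProfile]
serviceType = BridgeService
cred = Cred
[Cred]
authType = x509
subject = /O=Access Grid/OU=agdev-ca.mcs.anl.gov/CN=BridgeService/munich.mcs.anl.gov
"""
FILE_FORM = """[ServiceProfile]
serviceType = VenueServer
cred = Cred
[Cred]
authType = x509
certfile = {certfile}
keyfile = {keyfile}
"""

def parse_profile(text):
    """Resolve the credential a profile names (subject or certfile/keyfile form)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    try:
        svc = cp["ServiceProfile"]
        cred, service_type = cp[svc["cred"]], svc["serviceType"]
    except KeyError as exc:
        raise ValueError("missing section or key: %s" % exc)
    if cred.get("authType") != "x509":
        raise ValueError("unsupported authType: %s" % cred.get("authType"))
    files = [k for k in ("certfile", "keyfile") if k in cred]
    if ("subject" in cred) == bool(files) or len(files) == 1:  # neither, both, or half
        raise ValueError("give exactly one of subject or certfile+keyfile")
    out = {"serviceType": service_type, "form": "files" if files else "subject"}
    out.update((k, cred[k]) for k in files or ["subject"])
    return out
def load_profile(text):
    """Return (profile, None) on success or (None, error message) on a bad profile."""
    try:
        return parse_profile(text), None
    except ValueError as exc:
        return None, str(exc)
def demo_file_form():
    """Constructed cert/key files, key locked to 0600; returns (profile, key_is_private)."""
    d = tempfile.mkdtemp()
    cert, key = os.path.join(d, "vv2-cert.pem"), os.path.join(d, "vv2-key.pem")
    for p in (cert, key):
        with open(p, "w") as fh: fh.write("placeholder, not a real PEM\n")
    os.chmod(key, 0o600)
    profile = parse_profile(FILE_FORM.format(certfile=cert, keyfile=key))
    return profile, not (os.stat(key).st_mode & (stat.S_IRWXG | stat.S_IRWXO))
```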