[AG-DEV] Some issues with secure/non-secure

Christoph Willing willing at itee.uq.edu.au
Sun Apr 23 06:40:51 CDT 2006 

On 21/04/2006, at 11:20 AM, Christoph Willing wrote:

>
> On 21/04/2006, at 9:36 AM, Rhys Hawkins wrote:
>
>>
>> I have some issues when trying to run my own VenueServer with AG
>> from CVS and I'd like to know if other people have these problems
>> or whether its a problem with my gentoo ebuilds.
>
> Rhys,
>
> My experiences with the test server at https://vv3.vislab.uq.edu.au: 
> 8000/Venues/default -
>
>> 1. VenueServer.py requires a certificate, and I can't run a  
>> VenueServer
>> insecurely. The old -i switch is gone and --secure=0 still asks for
>> a certificate. With --secure=0 it does run on http rather than https,
>> but I am unable to connect to it with either VenueClient or
>> VenueManagement when supplied with the --secure=0 argument.
>
> I run the server without secure argument. The code takes secure=1  
> as the default and this is confirmed in the log file:
> 04/18/06 08:07:01 16384 Toolkit     VenueServer3.py:97 INFO   
> Running in secure mode
>
>
>> 2. When running a secure VenueServer I get 2 prompts for a passwd (
>> I don't have to enter it twice, I just get 2 prompts). They are:
>>   Verify passphrase:
>>   Certmgr passphrase:
>
> I'm never been prompted for a password and it would be difficult to  
> respond as the server is running from a system startup script. My  
> guess is that this is because the user account running the server  
> has a server certificate installed, rather than an user cert.
>
>
>> 3. When running VenueManagement and connecting to the server, I have
>> to enter my passphrase repeatedly in the shell from which I started
>> the UI. eg For the initial connection to the VenueServer, I get
>> six of the following prompts:
>>   Enter PEM pass phrase:
>> After entering the pass phrase each, the connection succeeds. I'm
>> using my certificate issued for AG24.
>
> To connect successfully, the user account running the  
> VenueManagement tool must be running with the same certificate as  
> that running the venue server. Different certificates would work if  
> they could be added to the server's list of Administrators.  
> Unfortunately there is currently a bug (bugzilla #1477) which  
> prevents access to the VenueManagement's "Manage Security" tab to  
> set this up.

Bug #1477 was fixed at the weekend, so various cert holders can now  
be given Administrator control via the Manage Security button in the  
Security tab.


chris


>> 4. Can you still run the VenueClient with a certificate? I tried
>> using VenueClient3.py --secure=1 --personalNode=1, but it doesn't
>> ask for the pass phrase and fails to start the audio and video
>> services as it looks like the command line arguments passed to them
>> are incorrect, ie its giving --secure rather than --secure=1.
>> BTW, is there a reason why the personalNode option has changed from
>> a switch to an int option?
>
> Same behaviour here - doesn't ask for pass phrase phrase, no audio/ 
> video - just errors "--secure option requires an argument".
>
> In general, I haven't being running VenueClient with secure=1  
> because AG3 wasn't going to include secure operation in the first  
> release. Looking at the list of options (from VenueClient3.py -- 
> help), the --secure option refers only to whether services use SSL;  
> nothing about cert based interaction with the venue server.
>
>
> chris
>
>
> Christoph Willing                       +61 7 3365 8350
> QPSF Access Grid Manager
> University of Queensland
>
>
>

Christoph Willing                       +61 7 3365 8350
QPSF Access Grid Manager
University of Queensland

More information about the ag-dev mailing list