[AG-TECH] AG 2.0/Globus cert question

Ti Leggett leggett at mcs.anl.gov
Fri May 9 09:42:40 CDT 2003


I'll explain how it currently is and in what direction we're going with
them. Currently, all users should have a cert and it's helpful if the
cert's subject is something human readable and meaningful, i.e., the CN=
portion has your full name in it like

O=Access Grid, OU=agdev-ca.mcs.anl.gov, OU=mcs.anl.gov, CN=Ti Leggett

These user certs work well for things like personal or desktop nodes
because on these the AG software may not always be fired up and when it
is fired up, it's fired up by the user.

Where we're going is for the AGNodeService and AGServiceManagers to have
their own service certs that they use to start. This is especially
important when these services might start at boot time on multi-machine
nodes when no user is yet present.

So presently your only option is to have your user cert. If you're doing
some testing there shouldn't be a problem moving your cert and key
around to each machine for the time being. In the future you can still
do that, but we highly recommend getting the appropriate service certs
for services and user certs for everybody.

In case you're curious, a service cert would look something like:

O=Access Grid,OU=agdev-ca.mcs.anl.gov,CN=AGNodeService/ws-control.mcs.anl.gov

And

O=Access Grid,OU=agdev-ca.mcs.anl.gov,CN=AGServiceManager/ws-video.mcs.anl.gov

Hopefully this helps more than it hurts :)

On Thu, 2003-05-08 at 17:09, Darin Oman wrote:
> I will be running AG 2.0 in one form or another on a few different 
> machines (main node, my laptop, etc.). Is it OK to use the same 
> certificate for all machines, or should I request a separate cert for 
> each? Is there a problem if there are 2 nodes running at the same time 
> using the same cert?
> 
> Thanks,
> Darin
> 