[AG-TECH] AG 2.0/Globus cert question

Randy Heiland heiland at ncsa.uiuc.edu
Fri May 9 12:19:30 CDT 2003 

Will "Globus" certs continue to be valid for AG 2.x?  I have:

issuer   : /O=Grid/O=Globus/OU=ncsa.uiuc.edu/CN=Randy Heiland

--Randy

On May 9,  9:42am, Ti Leggett wrote:
> Subject: Re: [AG-TECH] AG 2.0/Globus cert question
> I'll explain how it currently is and in what direction we're going with
> them. Currently, all users should have a cert and it's helpful if the
> cert's subject is something human readable and meaningful, i.e., the CN=
> portion has your full name in it like
>
> O=Access Grid, OU=agdev-ca.mcs.anl.gov, OU=mcs.anl.gov, CN=Ti Leggett
>
> These user certs work well for things like personal or desktop nodes
> because on these the AG software may not always be fired up and when it
> is fired up, it's fired up by the user.
>
> Where we're going is for the AGNodeService and AGServiceManagers to have
> their own service certs that they use to start. This is especially
> important when these services might start at boot time on multi-machine
> nodes when no user is yet present.
>
> So presently your only option is to have your user cert. If you're doing
> some testing there shouldn't be a problem moving your cert and key
> around to each machine for the time being. In the future you can still
> do that, but we highly recommend getting the appropriate service certs
> for services and user certs for everybody.
>
> In case your curious, a service cert would look something like:
>
> O=Access
> Grid,OU=agdev-ca.mcs.anl.gov,CN=AGNodeService/ws-control.mcs.anl.gov
>
> And
>
> O=Access
> Grid,OU=agdev-ca.mcs.anl.gov,CN=AGServiceManager/ws-video.mcs.anl.gov
>
> Hopefully this helps more than it hurts :)
>
> On Thu, 2003-05-08 at 17:09, Darin Oman wrote:
> > I will be running AG 2.0 in one form or another on a few different
> > machines (main node, my laptop, etc.). Is it OK to use the same
> > certificate for all machines, or should I request a separate cert for
> > each? Is there a problem if there are 2 nodes running at the same time
> > using the same cert?
> >
> > Thanks,
> > Darin
> >
>-- End of excerpt from Ti Leggett

More information about the ag-tech mailing list