[AG-TECH] two more certification notes in 2.1.2 early tests

Lewis Grantham l.grantham at ucl.ac.uk
Mon Oct 27 11:32:44 CST 2003 

Hi AG team,

great job on 2.1.2.. I finally got it to go, and looks good.  the cert
management opens up some interesting avenues, and no doubt this will develop
further.

have noticed two points in this respect for the record though:

a. at sometime setting up 2.1.1b I suppose, I managed to create empty
directories in the Application Data\AccessGrid\certRepo\certificates folder
(with names like d9f469c3c3133747f615ff01fc121f21).  could be part of the
(fixed) issue with policies from 0-starting CAs, or just me. Had no luck getting
things settled until i cleared these.  the aguninstall.py script seemed to
preserve them too, so my problems just carried on with 2.1.2 intially.

b. the AGTK can use a UK E-Science cert in some repsects.  Imports ok after CA
import, and seems to proxy ok when set as default.  However, any AGService and
AGNodeService I run with this set up dont seem to work properly.  The scripts
run, and logs look like:

C:\Program Files\Access Grid Toolkit\bin>AGNodeservice -d
AGNodeService URL:  https://boshtv.mediares.ucl.ac.uk:11000/NodeService

C:\Program Files\Access Grid Toolkit\bin>AGserviceManager -d
AGServiceManager URL:  https://boshtv.mediares.ucl.ac.uk:12000/ServiceManager

VenueClient logs look ok, but when you connect to a venue, no services are
spawned to handle video or audio.

If I try to 'Manage my node' from the prefs menu, it fails with the following
debugs:

10/27/03 17:15:59 DEBUG HaveValidProxy: found proxy ident /C=UK/O=eScience/OU=UC
L/L=EISD/CN=lewis grantham/CN=proxy
Invalid Node Service URI: https://boshtv.mediares.ucl.ac.uk:11000/NodeService

and a dialogue saying a more human version of same (Cannot open node..)

This only occurs with a different default user cert, and concerns me if end
users can make these sorts of changes to installed systems and stop them
working.

so, 

Is it the case that the node configuration and service parameters are unique to
each imported/default ID?  

Since NodeManagement script doesn't seem to run from the command line anymore
reliably (i've only successfully managed my node with the venueclient>prefs
entry), any way I can check whether this is a null or missing service config or
something deeper?

if simple config issue, any way to brace the systems here to hold a solid config
even if some user imports a personal certificate (from wherever) and sets it as
default? 

sounds like it goes against the spirit of the latest changes I know.  I am all
for user/group personalisations, as its one of the main area of this as a
service that worries me.  but seems somethings might be amiss here.

many thanks
lewis


 
-- 
......................................................
Lewis Grantham LLB MSc                                   
Project Leader, Multimedia Unit                          
Media Resources, UCL (University College London)         
Windeyer Building, Cleveland Street, London W1P 6DB      
                                                         
Tel: (+44) 020 7679 9258    Fax: (+44) 020 7580 0995     
URL: http://www.ucl.ac.uk/mediares/mmedia

More information about the ag-tech mailing list