[AG-TECH] two more certification notes in 2.1.2 early tests
Robert Olson
olson at mcs.anl.gov
Tue Oct 28 06:51:11 CST 2003
Hi --
If you send me the logfiles from your Application Data\AccessGrid directory
I can try to figure out what's going on.
thanks,
--bob
At 11:32 AM 10/27/2003, Lewis Grantham wrote:
>Hi AG team,
>
>great job on 2.1.2.. I finally got it to go, and looks good. the cert
>management opens up some interesting avenues, and no doubt this will develop
>further.
>
>have noticed two points in this respect for the record though:
>
>a. at sometime setting up 2.1.1b I suppose, I managed to create empty
>directories in the Application Data\AccessGrid\certRepo\certificates folder
>(with names like d9f469c3c3133747f615ff01fc121f21). could be part of the
>(fixed) issue with policies from 0-starting CAs, or just me. Had no luck
>getting
>things settled until i cleared these. the aguninstall.py script seemed to
>preserve them too, so my problems just carried on with 2.1.2 intially.
>
>b. the AGTK can use a UK E-Science cert in some repsects. Imports ok after CA
>import, and seems to proxy ok when set as default. However, any AGService and
>AGNodeService I run with this set up dont seem to work properly. The scripts
>run, and logs look like:
>
>C:\Program Files\Access Grid Toolkit\bin>AGNodeservice -d
>AGNodeService URL: https://boshtv.mediares.ucl.ac.uk:11000/NodeService
>
>C:\Program Files\Access Grid Toolkit\bin>AGserviceManager -d
>AGServiceManager URL: https://boshtv.mediares.ucl.ac.uk:12000/ServiceManager
>
>VenueClient logs look ok, but when you connect to a venue, no services are
>spawned to handle video or audio.
>
>If I try to 'Manage my node' from the prefs menu, it fails with the following
>debugs:
>
>10/27/03 17:15:59 DEBUG HaveValidProxy: found proxy ident
>/C=UK/O=eScience/OU=UC
>L/L=EISD/CN=lewis grantham/CN=proxy
>Invalid Node Service URI: https://boshtv.mediares.ucl.ac.uk:11000/NodeService
>
>and a dialogue saying a more human version of same (Cannot open node..)
>
>This only occurs with a different default user cert, and concerns me if end
>users can make these sorts of changes to installed systems and stop them
>working.
>
>so,
>
>Is it the case that the node configuration and service parameters are
>unique to
>each imported/default ID?
>
>Since NodeManagement script doesn't seem to run from the command line anymore
>reliably (i've only successfully managed my node with the venueclient>prefs
>entry), any way I can check whether this is a null or missing service
>config or
>something deeper?
>
>if simple config issue, any way to brace the systems here to hold a solid
>config
>even if some user imports a personal certificate (from wherever) and sets
>it as
>default?
>
>sounds like it goes against the spirit of the latest changes I know. I am all
>for user/group personalisations, as its one of the main area of this as a
>service that worries me. but seems somethings might be amiss here.
>
>many thanks
>lewis
>
>
>
>--
>......................................................
>Lewis Grantham LLB MSc
>Project Leader, Multimedia Unit
>Media Resources, UCL (University College London)
>Windeyer Building, Cleveland Street, London W1P 6DB
>
>Tel: (+44) 020 7679 9258 Fax: (+44) 020 7580 0995
>URL: http://www.ucl.ac.uk/mediares/mmedia
More information about the ag-tech
mailing list