[AG-TECH] AccessGrid on a bootable live cd (Knoppix) : certificate question
joseph at cs.usyd.edu.au
Wed Aug 4 21:43:48 CDT 2004
Thanks to the fact pointed by Thomas, I've found where was the trouble and
AccessGrid works now as required. Thanks a lot.
For the issue of which certificate to install, what about an Identity
Certificate for a user named Knoppix ? The passphrase would be given with
the bootable live cd so everyone could try AccessGrid at home easily. The
email would be something like knoppix_at_vislab... It would only mean than
we don't really know who's behind the user named knoppix and that the
multiple users knoppix could be connected at the same time. However, we
would already know that it is someone with a bootable live cd who is
connected. So, do you agree to do it this way ?
Otherwise, if the option of the Anonymous certificate is choosen, it would
be great that each lobby allows some rooms to be used by the people with
anonymous certificate. It would however require some people to work on
theirs lobbys' configuration and it may take some time.
So, what do you think of it finally ?
The iso of this knoppix will be avalaible to download as soon as we have
resolved the issue of which certificate to install.
On Wed, 04 Aug 2004 09:31:30 -0500, Thomas D. Uram <turam at mcs.anl.gov>
> This line in the log:
> 08/03/04 23:26:03 16384 CertificateRepository
> CertificateRepository.py:1110 DEBUG No private key dir found at
> makes me think that the private key does not exist properly in the cert
> repo. Could you start certmgr.py and 'show' this certificate, to see
> details of the cert and private key? It could be that there is a
> problem with the cert repo before you put it on the cd.
> Where is '/tmp' defined when you boot from your knoppix cd? On a ram
> Joseph wrote:
>>> We should look at the log files (or debug output) to understand why
>>> it's failing to use the certificate.
>> Here is a debug output (joined to this mail), I hope it will help you
>> ! I have commented it a little bit.
>> BTW, the content of the error message is :
>> Private key is not available for this certificate :
>> /O=Access Grid/OU=agdev-ca.mcs.anl.gov/OU=<snip>/CN=<snip>
>> You will have to reimport or otherwise obtain a new copy.
>> (What did I do ? I have copied an existing /home/user/.AccessGrid
>> folder, of an user with a valid certificate, into the
>> /home/user/.AccessGrid of my iso, before burning it. Then after
>> burning, I have launched VenueClient.py --personalNode).
>>> Do multiple users log in, or just one? If there is a generic user,
>>> you should be able to create a .AccessGrid directory for that user
>>> with an anonymous certificate (we issue these now), and have
>>> everything work fine.
>> The trouble is that anonymous certificates prevent often from
>> connecting to some Venue, like the Asian Pacific one for example. So
>> it's exactly appropriate.
>> Thanks all for your help
More information about the ag-tech