[AG-TECH] AccessGrid on a bootable live cd (Knoppix) : certificate question

Thomas D. Uram turam at mcs.anl.gov
Thu Aug 5 01:34:23 CDT 2004

Hi Joseph:

I would favor the anonymous cert.  That way, a user could use the cd 
without needing a passphrase.

As of yesterday, the transitional venue server is allowing anonymous 
users to enter.  You would need to include the anonymous ca cert in the 
iso, also; let me know if you need the ca cert files.

Nice job!


Joseph wrote:
> Hi
> Thanks to the fact pointed by Thomas, I've found where was the trouble 
> and  AccessGrid works now as required. Thanks a lot.
> For the issue of which certificate to install, what about an Identity  
> Certificate for a user named Knoppix ? The passphrase would be given 
> with  the bootable live cd so everyone could try AccessGrid at home 
> easily. The  email would be something like knoppix_at_vislab... It would 
> only mean than  we don't really know who's behind the user named knoppix 
> and that the  multiple users knoppix could be connected at the same 
> time. However, we  would already know that it is someone with a bootable 
> live cd who is  connected. So, do you agree to do it this way ?
> Otherwise, if the option of the Anonymous certificate is choosen, it 
> would  be great that each lobby allows some rooms to be used by the 
> people with  anonymous certificate. It would however require some people 
> to work on  theirs lobbys' configuration and it may take some time.
> So, what do you think of it finally ?
> The iso of this knoppix will be avalaible to download as soon as we 
> have  resolved the issue of which certificate to install.
> Cheers,
>     Joseph
> On Wed, 04 Aug 2004 09:31:30 -0500, Thomas D. Uram <turam at mcs.anl.gov>  
> wrote:
>> Joseph:
>> This line in the log:
>> 08/03/04 23:26:03 16384 CertificateRepository  
>> CertificateRepository.py:1110 DEBUG No private key dir found at  
>> /home/knoppix/.AccessGrid/Config/certRepo/privatekeys/cd4b90014aaa7a0d58ffbc87591b1a52.pem 
>> makes me think that the private key does not exist properly in the 
>> cert  repo.  Could you start certmgr.py and 'show' this certificate, 
>> to see  details of the cert and private key?  It could be that there 
>> is a  problem with the cert repo before you put it on the cd.
>> Where is '/tmp' defined when you boot from your knoppix cd?  On a ram  
>> disk?
>> Tom
>> Joseph wrote:
>>> Hi
>>>  <snip>
>>>> We should look at the log files (or debug output) to understand why  
>>>> it's  failing to use the certificate.
>>>   Here is a debug output (joined to this mail), I hope it will help 
>>> you  ! I  have commented it a little bit.
>>> BTW, the content of the error message is :
>>> Private key is not available for this certificate :
>>> /O=Access Grid/OU=agdev-ca.mcs.anl.gov/OU=<snip>/CN=<snip>
>>> You will have to reimport or otherwise obtain a new copy.
>>>  (What did I do ? I have copied an existing /home/user/.AccessGrid  
>>> folder,  of an user with a valid certificate, into the  
>>> /home/user/.AccessGrid of my  iso, before burning it. Then after  
>>> burning, I have launched VenueClient.py  --personalNode).
>>>  <snip>
>>>> Do multiple users log in, or just one?  If there is a generic user,  
>>>> you  should be able to create a .AccessGrid directory for that user  
>>>> with an  anonymous certificate (we issue these now), and have  
>>>> everything work  fine.
>>>   The trouble is that anonymous certificates prevent often from  
>>> connecting  to some Venue, like the Asian Pacific one for example. 
>>> So  it's exactly  appropriate.
>>>  Thanks all for your help
>>>  Cheers,
>>>       Joseph

More information about the ag-tech mailing list