[AG-TECH] AG2.2 Server Administration with Service Certs
Michael Miller
mimiller at ncsa.uiuc.edu
Thu Jul 8 09:58:28 CDT 2004
I've been toying with using a service cert to connect to my AG2.2 venues
server. I was confused at first when I would set the service cert as the
default and then run VenueServer.py. I was unable to use the
VenueManagement.py app to connect to the venue server. Mind you this was
done with no previous .dat or .cfg files for the venue server. So I
thought I'd try using the identity cert. Setting the ID cert as the
default and restarting the venue server allowed me to connect with the
VenueManagement.py app using the ID cert. I was then able to add the DN
for the Service cert and restart everything with the service cert.
This brings a couple questions to mind. Should the service cert be added
to the admins in the first place? Are there any inherent security
risks? One might need to change something and only have the localhost
available at the moment to make the change. Would it work to install an ID
cert and a service cert, set things up and run the venue server with the
service cert and then switch the default back to the ID cert? This way
when you run the VM app you use the ID cert but the server is still running
the service cert. You wouldn't necessarily need to give the service cert
admin privileges.
Should one just run the server with the ID cert and set the proxy to expire
in 8747 hours? This has ramifications when rebooting but that would be
simple enough to work out.
At this point I'm leaning towards having both ID and service certs
installed on the server and running under the service cert and setting the
ID cert as default. Then leaving the service cert out of the admin group.
I'm just wondering if this is the most efficient/flexible way of running
things.
Any other thoughts?
Thanx,
Michael Miller
System Engineer
Visualization Technology Support
Computing and Data Management
National Center for Supercomputing Applications
University of Illinois - UC
217-649-0747
"If you're clear in your vision and trust the people in your team with
clear objectives, they will invariably do their best to achieve everything
desired, and usually deliver everything you could have hoped for and even
more." -Paul Debevec
More information about the ag-tech
mailing list