[AG-TECH] AG2.2 Server Administration with Service Certs

Michael Miller mimiller at ncsa.uiuc.edu
Thu Jul 8 09:58:28 CDT 2004


I've been toying with using a service cert to connect to my AG2.2 venues 
server.  I was confused at first when I would set the service cert as the 
default and then run VenueServer.py.  I was unable to use the 
VenueManagement.py app to connect to the venue server.  Mind you this was 
done with no previous .dat or .cfg files for the venue server.  So I 
thought I'd try using the identity cert.  Setting the ID cert as the 
default and restarting the venue server allowed me to connect with the 
VenueManagement.py app using the ID cert.  I was then able to add the DN 
for the Service cert and restart everything with the service cert.

This brings a couple questions to mind.  Should the service cert be added 
to the admins in the first place?  Are there any inherent security 
risks?  One might need to change something and only have the localhost 
available at the moment to make the change.  Would it work to install an ID 
cert and a service cert, set things up and run the venue server with the 
service cert and then switch the default back to the ID cert?  This way 
when you run the VM app you use the ID cert but the server is still running 
the service cert.  You wouldn't necessarily need to give the service cert 
admin privileges.

Should one just run the server with the ID cert and set the proxy to expire 
in 8747 hours? This has ramifications when rebooting but that would be 
simple enough to work out.

At this point I'm leaning towards having both ID and service certs 
installed on the server and running under the service cert and setting the 
ID cert as default.  Then leaving the service cert out of the admin group. 
I'm just wondering if this is the most efficient/flexible way of running 
things.

Any other thoughts?

Thanx,

Michael Miller
System Engineer
Visualization Technology Support
Computing and Data Management
National Center for Supercomputing Applications
University of Illinois - UC
217-649-0747

"If you're clear in your vision and trust the people in your team with 
clear objectives, they will invariably do their best to achieve everything 
desired, and usually deliver everything you could have hoped for and even 
more." -Paul Debevec



