[AG-TECH] AccessGrid on a bootable live cd (Knoppix) : certificate question

Joseph joseph at cs.usyd.edu.au
Wed Aug 4 21:43:48 CDT 2004 

Hi

Thanks to the fact pointed by Thomas, I've found where was the trouble and  
AccessGrid works now as required. Thanks a lot.

For the issue of which certificate to install, what about an Identity  
Certificate for a user named Knoppix ? The passphrase would be given with  
the bootable live cd so everyone could try AccessGrid at home easily. The  
email would be something like knoppix_at_vislab... It would only mean than  
we don't really know who's behind the user named knoppix and that the  
multiple users knoppix could be connected at the same time. However, we  
would already know that it is someone with a bootable live cd who is  
connected. So, do you agree to do it this way ?

Otherwise, if the option of the Anonymous certificate is choosen, it would  
be great that each lobby allows some rooms to be used by the people with  
anonymous certificate. It would however require some people to work on  
theirs lobbys' configuration and it may take some time.

So, what do you think of it finally ?

The iso of this knoppix will be avalaible to download as soon as we have  
resolved the issue of which certificate to install.

Cheers,
     Joseph


On Wed, 04 Aug 2004 09:31:30 -0500, Thomas D. Uram <turam at mcs.anl.gov>  
wrote:

> Joseph:
>
> This line in the log:
>
> 08/03/04 23:26:03 16384 CertificateRepository  
> CertificateRepository.py:1110 DEBUG No private key dir found at  
> /home/knoppix/.AccessGrid/Config/certRepo/privatekeys/cd4b90014aaa7a0d58ffbc87591b1a52.pem
>
> makes me think that the private key does not exist properly in the cert  
> repo.  Could you start certmgr.py and 'show' this certificate, to see  
> details of the cert and private key?  It could be that there is a  
> problem with the cert repo before you put it on the cd.
>
> Where is '/tmp' defined when you boot from your knoppix cd?  On a ram  
> disk?
>
> Tom
>
>
> Joseph wrote:
>> Hi
>>  <snip>
>>
>>> We should look at the log files (or debug output) to understand why  
>>> it's  failing to use the certificate.
>>   Here is a debug output (joined to this mail), I hope it will help you  
>> ! I  have commented it a little bit.
>> BTW, the content of the error message is :
>> Private key is not available for this certificate :
>> /O=Access Grid/OU=agdev-ca.mcs.anl.gov/OU=<snip>/CN=<snip>
>> You will have to reimport or otherwise obtain a new copy.
>>  (What did I do ? I have copied an existing /home/user/.AccessGrid  
>> folder,  of an user with a valid certificate, into the  
>> /home/user/.AccessGrid of my  iso, before burning it. Then after  
>> burning, I have launched VenueClient.py  --personalNode).
>>  <snip>
>>
>>> Do multiple users log in, or just one?  If there is a generic user,  
>>> you  should be able to create a .AccessGrid directory for that user  
>>> with an  anonymous certificate (we issue these now), and have  
>>> everything work  fine.
>>   The trouble is that anonymous certificates prevent often from  
>> connecting  to some Venue, like the Asian Pacific one for example. So  
>> it's exactly  appropriate.
>>  Thanks all for your help
>>  Cheers,
>>       Joseph

More information about the Kenstest mailing list