Continuously Update X509 User Proxy with VOMS Attributes
The following is a method to continuously provide a valid X509 user proxy certificate with VOMS attributes. Please review the procedure and see if it conflicts with your site's security policy.
The first step is to create a long-lasting X509 user proxy without VOMS attributes. You may need to do this once a year.
baseproxy=$HOME/.globus/base.proxy
grid-proxy-init -cert usercert.pem -key userkey.pem -out $baseproxy -valid 10000:00
You will likely need to type in the password for userkey.pem. This will create a long-lasting user proxy at $baseproxy. The lifetime is 10000 hours (or shortened to the maximum allowed by usercert.pem / userkey.pem). Make sure the file $baseproxy is protected and nobody other than yourself has access to it.
To create an X509 user proxy with ATLAS VOMS attributes:
voms-proxy-init -voms atlas:/atlas -cert $baseproxy -key $baseproxy -valid 96:00 -out /tmp/x509up_u`id -u`
This will create an X509 user proxy with VOMS attributes at the default location. No password is needed (that is why you need to protect $baseproxy). Most VOs limit the lifetime of this certificate to just a few days. You can use a cron job to continuously update the X509 proxy.
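
A wrapper for that cron job, as an added example (not part of the original page): it refuses to run unless $baseproxy is a private regular file owned by you, and it swaps the new proxy into place atomically. The names VOMS_INIT, base_proxy_is_private and renew_proxy, and the crontab path, are assumptions of this example; the voms-proxy-init options are the ones shown above.

```shell
#!/bin/sh
# Added example: cron wrapper around the voms-proxy-init command from this page.
# VOMS_INIT, base_proxy_is_private and renew_proxy are names chosen here.
baseproxy=${baseproxy:-$HOME/.globus/base.proxy}
target=${target:-/tmp/x509up_u$(id -u)}
VOMS_INIT=${VOMS_INIT:-voms-proxy-init}

# Succeeds only if $1 is a regular file (not a symlink), owned by us,
# with no group/other permission bits set.
base_proxy_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

renew_proxy() {
    if ! base_proxy_is_private "$baseproxy"; then
        echo "refusing to use $baseproxy: not a private regular file" >&2
        return 2
    fi
    umask 077
    # Build the new proxy beside the target, then rename it into place so
    # running jobs never read a half-written file.
    tmp=$(mktemp "$target.XXXXXX") || return 3
    # stdin is /dev/null: under cron nothing should wait for input.
    if "$VOMS_INIT" -voms atlas:/atlas -cert "$baseproxy" -key "$baseproxy" \
            -valid 96:00 -out "$tmp" </dev/null; then
        mv -f -- "$tmp" "$target"
    else
        rm -f -- "$tmp"
        echo "proxy renewal failed; $target left unchanged" >&2
        return 4
    fi
}

# Runs only when invoked as "<script> renew", e.g. from a crontab line such as
#   0 */12 * * * $HOME/bin/renew-proxy.sh renew     (path is a placeholder)
case "${1:-}" in
    renew) renew_proxy ;;
esac
```

A failed renewal returns non-zero and leaves the existing proxy untouched, so cron's mail or your monitoring can flag it before the current proxy expires.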