[Go-essp-tech] wget download certificate timeouts
Cinquini, Luca (3880)
Luca.Cinquini at jpl.nasa.gov
Mon Jul 18 07:19:17 MDT 2011
Thank you both, it works just fine,
Luca
On Jul 18, 2011, at 6:07 AM, <philip.kershaw at stfc.ac.uk> wrote:
> That's right – set this in the server config:
>
> max_cert_lifetime 72
>
> The MyProxyLogon webstart is more of a concern. Can it request the max 72 hours out of the box or does it need modification?
>
> Cheers,
> Phil
>
> From: <stephen.pascoe at stfc.ac.uk<mailto:stephen.pascoe at stfc.ac.uk>>
> Date: Mon, 18 Jul 2011 12:56:45 +0000
> To: <Luca.Cinquini at jpl.nasa.gov<mailto:Luca.Cinquini at jpl.nasa.gov>>
> Cc: <go-essp-tech at ucar.edu<mailto:go-essp-tech at ucar.edu>>
> Subject: Re: [Go-essp-tech] wget download certificate timeouts
>
> It's Phil's field but just from digging into our deployment I see we've changed the "max_proxy_lifetime" option in myproxy-server.config (in GLOBUS_HOME/etc)
>
> Cheers,
> Stephen.
>
>
> ---
> Stephen Pascoe +44 (0)1235 445980
> Centre of Environmental Data Archival
> STFC Rutherford Appleton Laboratory, Harwell Oxford, Didcot OX11 0QX, UK
>
> From: Cinquini, Luca (3880) [mailto:Luca.Cinquini at jpl.nasa.gov]
> Sent: 18 July 2011 13:50
> To: Pascoe, Stephen (STFC,RAL,RALSP)
> Cc: strandwg at ucar.edu<mailto:strandwg at ucar.edu>; go-essp-tech at ucar.edu<mailto:go-essp-tech at ucar.edu>
> Subject: Re: [Go-essp-tech] wget download certificate timeouts
>
> Hi Stephen,
> can you please remind me of how to change the MyProxy maximum lifetime on the server side ? I think Neill sent instructions but I can't find them any more...
> thanks, Luca
>
> On Jul 18, 2011, at 3:55 AM, <stephen.pascoe at stfc.ac.uk<mailto:stephen.pascoe at stfc.ac.uk>> wrote:
>
>
> Last week Garry raised the problem of myproxy certificate timeouts when downloading data using wget scripts.
>
> We have talked several times about increasing the default and/or maximum certificate lifetime for certificates issued by out myproxy servers. I recall we agreed to increase the maximum lifetime to 72 hours. This has been the case at the CEDA myproxy service for a few weeks now. I have tested PCMDI's service and it only issues certificates for 1 day.
>
> Garry, if you have a CEDA OpenID you can get a 72 hour certificate if you use the myproxy-logon [1] or myproxyclient [2] tools by adding "-t 72" to your command. I'm not sure whether the most recent java webstart app allows you to set this. I hope PCMDI and other centres will deploy the 72 hour maximum lifetime soon. Would this meet your requirements?
>
> [1] http://www.globus.org/toolkit/
> [2] http://pypi.python.org/pypi/MyProxyClient
>
> Cheers,
> Stephen
>
>
> ---
> Stephen Pascoe +44 (0)1235 445980
> Centre of Environmental Data Archival
> STFC Rutherford Appleton Laboratory, Harwell Oxford, Didcot OX11 0QX, UK
>
>
>
> --
> Scanned by iCritical.
>
> _______________________________________________
> GO-ESSP-TECH mailing list
> GO-ESSP-TECH at ucar.edu<mailto:GO-ESSP-TECH at ucar.edu>
> http://mailman.ucar.edu/mailman/listinfo/go-essp-tech
>
>
>
> --
> Scanned by iCritical.
>
> _______________________________________________ GO-ESSP-TECH mailing list GO-ESSP-TECH at ucar.edu<mailto:GO-ESSP-TECH at ucar.edu> http://mailman.ucar.edu/mailman/listinfo/go-essp-tech
> --
> Scanned by iCritical.
More information about the GO-ESSP-TECH
mailing list