Be sure that the host certificate DN is in the list of trusted hosts in the myproxy server. Not all Grid Services are allowed to renew user proxies. In order to check whether your renwing agent is trusted you can use the Information Systemlike in this example: ldapsearch -p 2170 -h myproxy.cern.ch -x -LLL -b "mds-vo-name=resource,o=grid" | grep -i volhcb
The user has to register the proxy into myproxy server using the command: myproxy-init -s myproxy.cern.ch -d -n The -n option means no password required to to the rewer service and -d option informs that the DN can be used for unequivocally identify the proxy to be renewed among the ones registered in myproxy server.
Server-renewer side the special user that does the renewal (let's refer to it as edguser) has to dress the host credentials: this is the usual trick
/home/dirac/renew_proxy dirac where the script that must be run looks like
> cat /home/edguser/renew_proxy#!/bin/bashVOADMIN="edguser"VOGROUP=`id -gn ${VOADMIN}`GLOBUS_LOCATION=${GLOBUS_LOCATION:-/opt/globus}export MYPROXY_SERVER=${MYPROXY_SERVER:-myproxy.cern.ch}LCG_LOCATION=${LCG_LOCATION:-/opt/lcg}RENEWER_DIR=/tmp/proxyrenewalRENEWER_PROXY_REPOSITORY=$RENEWER_DIR/repository#directory where all proxies to be renewed are storedRENEWER_LOGDIR=$RENEWER_DIR/log#directory where all logs of operations are bookedexport X509_USER_PROXY=$RENEWER_DIR/renewd-proxy.pem#location of the host-signed proxy at the point c.if [ ! -d ${RENEWER_LOGDIR} ] ; thenmkdir -p ${RENEWER_LOGDIR} || exit -1chown ${VOADMIN}.${VOGROUP} ${RENEWER_LOGDIR}chmod 0700 ${RENEWER_LOGDIR_LOGDIR}fiif [ ! -d ${RENEWER_PROXY_REPOSITORY} ] ; thenmkdir -p ${RENEWER_PROXY_REPOSITORY} || do_failure "Cannot create repository dir ${RENEWER_PROXY_REPOSITORY}"chown ${VOADMIN}.${VOGROUP} ${RENEWER_PROXY_REPOSITORY}chmod 0700 ${RENEWER_PROXY_REPOSITORY}fifor CERT in `ls $RENEWER_PROXY_REPOSITORY`; do#it parses indistinguishably all proxies in the repository. Smarter conditions (like expiration time of each could be aplpied at this level)PROXY_DN=`${GLOBUS_LOCATION}/bin/grid-proxy-info -f ${RENEWER_PROXY_REPOSITORY}/${CERT} -subject`echo $PROXY_DNif [ $? -ne 0 ]; thenecho "`date +"%D %H:%M:%S"` : Error. Impossible to get proxy information." >> ${RENEWER_LOGDIR}/events.logecho "`date +"%D %H:%M:%S"` : ... $PROXY_DN" >> ${RENEWER_LOGDIR}/events.logcontinuefiTMP_PROXY=`mktemp`${GLOBUS_LOCATION}/bin/myproxy-get-delegation -a ${RENEWER_PROXY_REPOSITORY}/${CERT} -d -o $TMP_PROXY#this is the core.....if [ $? -eq 0 ]; thenmv $TMP_PROXY ${RENEWER_PROXY_REPOSITORY}/${CERT}#in case of success (why not?) it overwrites old proxy with the renewed one. It will be valid for 12 hoursecho "`date +"%D %H:%M:%S"` : Proxy for DN \"${PROXY_DN}\" successfully renewed " >> ${RENEWER_LOGDIR}/events.logelseecho "`date +"%D %H:%M:%S"` : ERROR. Unable to renew proxy \"${PROXY_DN}\"" >> ${RENEWER_LOGDIR}/events.logfidone