Disclaimer

Before a new VO is started in PPS an agreement must be done among all the interested parts (mainly the representatives of the interested user community and the PPS management). The definition and extents of this negotiation process are out of the scope of this page. The only output needed from this process, from the system configuration point of view, is the name of the new VO.

Information needed to VOMS Administrators

Once that above agreement has been reached the only information needed to VOMS administrators to start the VO is

1 Vo Name 2 Full name of a contact person for the VO 3 e-mail of the contact person (it may be a mailing list) 4 Distinguished Name (DN) of the contact person (it is the subject of the Globus certificate)

The desired VO name to be used in the system should be an output of the previous negotiation process.

Once the VO has been set up

The VOMS Administrators should provide to the VO contact person: 1 The line to be configured in the /opt/glite/etc/vomses file and in the .vomses file in the user directories. 2 The certificate of the VOMS server to be stored on the UI in the directory /etc/grid-security/vomsdir/ 3. URL of the web interface for VO management.

Final memo to be mailed to the new VO admin

Once you created the proxy with

voms-proxy-init --voms

try a

voms-proxy-info -all

and search into the output if you find something bad.

In particular search for a string of the kind "Unable to verify signature!".

If this is the case you need to create a sub-dir inside the

/etc/grid-security/vomsdir/

and move the voms certificate inside that dir.

Then, before creating the proxy try and export

X509_VOMS_DIR=/etc/grid-security/vomsdir/

To access the web interface for VO management will need your personal certificate installed into your browser.

The site administrator could appear in the list of VO managers in the web interface. This is only for testing purposes. He/she will not interfere into the VO administration and will not receive notifications about user requests.

Please try the notification system generating a dummy request through the form at

https://cert-voms-01.cnaf.infn.it:8443/voms/NEW_VO_NAME/webui/userrequest/create

The user should receive a mail to verify that the email address inserted into the form is correct and is invited to visit a link. Once he visited the link the VO manager (you) is notified that the user made the request and is invited to decide about the request through the appropiate link. When you make the decision the user is notifided about your decision.

Kind regards.

-- Main.aretico - 21 Sep 2005