attributetype ( 1.3.6.1.4.1.3536.2.6.3536.10.1.117
NAME 'Mds-Authn-CA-Name-hash'
DESC 'The hash of a particular certificate'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
SINGLE-VALUE
)
attributetype ( 1.3.6.1.4.1.3536.2.6.3536.10.1.118
NAME 'Mds-Authn-Cert-file'
DESC 'The file location of a certificate'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
SINGLE-VALUE
)
attributetype ( 1.3.6.1.4.1.3536.2.6.3536.10.1.119
NAME 'Mds-Authn-Policy-file'
DESC 'The file location of a certificate signing policy'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
SINGLE-VALUE
)
attributetype ( 1.3.6.1.4.1.3536.2.6.3536.10.1.120
NAME 'Mds-Authn-CA-name'
DESC 'The name of the CA'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
SINGLE-VALUE
)
attributetype ( 1.3.6.1.4.1.3536.2.6.3536.10.1.121
NAME 'Mds-Authn-CA-policy'
DESC 'A policy of the CA'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
SINGLE-VALUE
)
attributetype ( 1.3.6.1.4.1.3536.2.6.3536.10.1.122
NAME 'Mds-Authn-Trusted-Cert-dir'
DESC 'A directory containing one or more certificates'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
SINGLE-VALUE
)
objectclass ( 1.3.6.1.4.1.3536.2.6.3536.10.1.123
NAME 'MdsCertificatePolicy'
DESC 'Information about a certificate policy'
SUP 'Mds'
STRUCTURAL
MUST ( Mds-Authn-CA-Name-hash $ Mds-Authn-Cert-file $
Mds-Authn-Policy-file $ Mds-Authn-CA-name $
Mds-Authn-CA-policy )
)
objectclass ( 1.3.6.1.4.1.3536.2.6.3536.10.1.124
NAME 'MdsAuthnGroup'
DESC 'Information about trusted certificate directories'
SUP 'Mds'
STRUCTURAL
MUST ( Mds-Authn-Trusted-Cert-dir )
)
NOTE: The OID values have been cleared for testing by Jennifer Schopf,
but of course are subject to change if required.
# generate certificate info every 12 hours dn: Mds-Host-hn=glob, Mds-Vo-name=local, o=grid objectclass: GlobusTop objectclass: GlobusActiveObject objectclass: GlobusActiveSearch type: exec path: /opt/globus/libexec base: grid-info-cert-posix args: -devclassobj -devobjs -dn Mds-Host-hn=glob,Mds-Vo-name=local,o=grid -valid to-secs 900 -keepto-secs 900 cachetime: 43200 timelimit: 50 sizelimit: 100NOTE: You will need to change the dn line (at the top, and also in the args line a little further down) that lists the hostname for your machine. My host name is "glob", so replace where it says "glob" with the hostname of your machine.
neillm@glob libexec $ ./grid-info-cert-posix dn: objectclass: MdsAuthnGroup Mds-Authn-Trusted-Cert-dir: /etc/grid-security/certificates dn: Mds-Authn-Group=Certificate Directories, objectclass: MdsAuthnGroup Mds-Authn-Trusted-Cert-dir: /etc/grid-security/certificates dn: Mds-Authn-Trusted-Cert-dir=/etc/grid-security/certificates,Mds-Authn-Group=Certificate Directories, objectclass: MdsCertificatePolicy Mds-Authn-CA-Name-hash: 42864e48 Mds-Authn-Cert-file: /etc/grid-security/certificates/42864e48.0 Mds-Authn-Policy-file: /etc/grid-security/certificates/42864e48.signing_policy Mds-Authn-CA-name: '/C=US/O=Globus/CN=Globus Certification Authority' Mds-Authn-CA-policy: "/C=us/O=Globus/*" Mds-Authn-CA-policy: "/C=US/O=Globus/*" Mds-Authn-CA-policy: "/O=Grid/O=Globus/*" Mds-validfrom: 20020923163441Z Mds-validto: 20020923163441Z Mds-keepto: 20020923163441Z
neillm@glob libexec $ ../sbin/SXXgris start Starting up Openldap 2.0 SLAPD server for the GRIS neillm@glob libexec $ grid-info-search -x "(objectclass=MdsCertificatePolicy)" -LL version: 1 dn: Mds-Authn-Trusted-Cert-dir=/etc/grid-security/certificates,Mds-Authn-Group =Certificate Directories,Mds-Host-hn=glob,Mds-Vo-name=local,o=grid objectClass: MdsCertificatePolicy Mds-Authn-CA-Name-hash: 42864e48 Mds-Authn-Cert-file: /etc/grid-security/certificates/42864e48.0 Mds-Authn-Policy-file: /etc/grid-security/certificates/42864e48.signing_policy Mds-Authn-CA-name: '/C=US/O=Globus/CN=Globus Certification Authority' Mds-Authn-CA-policy: "/C=us/O=Globus/*" Mds-Authn-CA-policy: "/C=US/O=Globus/*" Mds-Authn-CA-policy: "/O=Grid/O=Globus/*" Mds-validfrom: 20020923163532Z Mds-validto: 20020923165032Z Mds-keepto: 20020923165032Z
