scarlehoff / pyHepGrid

Tool for distributed computing management geared towards HEP applications.
GNU General Public License v3.0

Issues with ProxyRenewal #82

Closed adamboutcher closed 3 years ago

adamboutcher commented 3 years ago

Hi All,

Your proxy renewal shouldn't be automated, as it should ask for a password; it's part of the AUP for a grid certificate. This is what the MyProxy service is for; this could have your certificate revoked if there was a security audit.

However, if you wanted to be clever, you could also add a check of the validity left so you don't call a new proxy every time it's run if there's, say, 6 hours left, but really this should be user interaction.

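    # Epoch time at which the current proxy expires (treated as 0 if none is found)
    SECPROX=$(arcproxy -i validityEnd)
    # Epoch time six hours from now (GNU date)
    SECNOW=$(date +%s --date "6 hours")
    # Request a new proxy only if the current one expires within six hours
    if [ "${SECPROX:-0}" -le "$SECNOW" ]; then
        arcproxy >/dev/null 2>&1
    fi

scarlehoff commented 3 years ago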

I am not sure who is still running with this in Durham, but I guess you mean these scripts: https://github.com/scarlehoff/pyHepGrid/tree/master/proxy_renewal ?

adamboutcher commented 3 years ago

Yes that's what I mean, specifically the proxy renewal part for this issue. We still find people use pyHepGrid to submit.

scarlehoff commented 3 years ago

I'll comment out the script so that it prints a warning instead.

adamboutcher commented 3 years ago

An initial arcproxy should be manual, and then just use the myproxy delegation for any renewal.

scarlehoff commented 3 years ago

I added a link to this issue. If @jcwhitehead or someone else wants to add a wrapper it would be appreciated (since I don't have access anymore). In any case, I'll leave the IPPP link to MyProxy here.
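
The wrapper logic discussed in this thread, as an added example that is not from the issue's participants or from pyHepGrid: it checks the remaining validity and renews only when a user is at a terminal to type the passphrase, otherwise it prints a warning. The function names `proxy_action` and `check_proxy` and the warning text are assumptions; `arcproxy -i validityEnd` is the call used in the snippet earlier in the thread.

```bash
#!/usr/bin/env bash
# Added example: decide what to do about a grid proxy without renewing it unattended.
# proxy_action and check_proxy are hypothetical names, not part of pyHepGrid.

# proxy_action END NOW THRESHOLD_HOURS INTERACTIVE(yes|no)
# Prints one of: ok | prompt | warn
proxy_action() {
    local end="$1" now="$2" hours="$3" interactive="$4"
    # No proxy, or non-numeric output from arcproxy: treat as already expired.
    case "$end" in
        ''|*[!0-9]*) end=0 ;;
    esac
    if [ "$end" -gt "$(( now + hours * 3600 ))" ]; then
        echo ok          # enough validity left, nothing to do
    elif [ "$interactive" = yes ]; then
        echo prompt      # a user is present and can type the passphrase
    else
        echo warn        # cron/batch context: never renew silently
    fi
}

check_proxy() {
    local end interactive=no
    end=$(arcproxy -i validityEnd 2>/dev/null) || end=""
    [ -t 0 ] && interactive=yes   # stdin is a terminal
    case "$(proxy_action "$end" "$(date +%s)" 6 "$interactive")" in
        ok)     return 0 ;;
        prompt) arcproxy ;;       # foreground, so the passphrase prompt stays visible
        warn)   echo "Grid proxy expires within 6 hours; renew it manually." >&2
                return 1 ;;
    esac
}
```

Call `check_proxy` before a submission step; in a non-interactive job it returns non-zero instead of requesting a new proxy.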