NAME
voms - VOMS server
SYNOPSIS
voms [-foreground] [-port port] [-backlog pnum] [-logfile file]
[-globusid id] [-globuspwd file] [-passfile file]
[-x509_cert_dir path] [-x509_cert_file file]
[-x509_user_cert file] [-x509_user_key file]
[-x509_user_proxy file] [-dbname name] [-username name]
[-vo name] [-timeout limit] [-test] [-conf file] [-uri uri]
[-version] [-code c] [-loglevel lev] [-logtype type]
[-logformat str] [-logdateformat str] [-debug] [--sqlloc path]
[--compat] [--socktimeout num] [--maxlog num] [--newformat]
[--skipcacheck]
DESCRIPTION
VOMS - Virtual Organization Membership Service.
For the initial setup of the server, run the voms_install_db script as
root.
OPTIONS
Options may be specified indifferently with either a "-" or "--"
prefix. Their meaning is the following.
-foreground
Runs part of the server in foreground. Easier debugging.
-port port
Listens on port port. The default is 754.
-backlog num
Sets the maximum backlof for the connections. The default is 50.
-logfile file
Selects the file for logging. The default is /ver/log/voms.
-globusid id
Sets the server's id. The default is the cert's subject.
-globuspwd file
Sets the globuspwd variable.
-passfile file
Reads the password to access the DB from file. The default is to read
it from the console during server's startup.
-x509_cert_dir path
-x509_cert_file file
-x509_user_cert file
-x509_user_key file
-x509_user_proxy file
These options set the respective variables.
-dbname name
Sets the name of the DB. Default voms.
-username name
Sets the name of the user for the DB login. The default is voms.
-vo name
Sets the name of the VO that owns this server. The default is
unspecified.
-timeout limit
Sets the length of time that the information is valid, measured in
secods. The default is 86400 seconds (24 hours).
-test
Prints information about the server startup and then exits.
-conf file
Reads option from the file file. The options must be present one per
line in the format -option[=value] where the value part must obviously
be present only if it is required.
-uri uri
Defines the uri of the server that will be included in the generated
pseudo certificate. The default value is hostname:port
-version
Prints information about the server and then exits.
-code c
Defines a subset of AC serial numbers to be used in case multiple
servers share the same host certificate. If not specified, this is the
same as the port number
-logtype type
Sets the type of messages that will be loggged. Acceptable values are:
· 1 - STARTUP, print startup messages.
· 2 - REQUEST, print messages during the request interpretation
phase.
· 4 - RESULT, print messages during the result sending phase.
This values can be ORed together to indicate that all the corresponding
types of messages are required. The default values is 255.
-loglevel lev
Sets the level of verbosity of log messages. Acceptable values are:
· 1 - LEV_NONE, do not log anything.
· 2 - LEV_ERROR, the default, logs only error conditions.
· 3 - LEV_WARNINGS, logs also warning messages.
· 4 - LEV_INFO, logs also general informational messages.
· 5 - LEV_DEBUG, logs also a lot of debug messages. Setting this
level of verbosity overwrites the value of the -logtype option to
255.
Higher values include all messages printed by lower ones, and values
not documented here are translated as the highest level possible,
LEV_DEBUG
-logformat str
Sets the format used by the loggin system according toa printf-like
format string with the following directives format: \%[size][char]
where size, if present, sets the maximum length of the field and char
selects the type of substitution done. Possible values are the
following:
· % - Substitutes a plain '%'.
· d - Substitutes the date. The date format is specified by the
-logdateformat option.
· f - Substitutes the name of the source file that logs the message.
· F - Substitutes the name of the function that logs the message.
· h - Substitutes the hostname of the machine hosting the service.
· l - Substitutes the line number that logs the message.
· m - Substitutes the message proper.
· p - Substitutes the process' pid.
· s - Substitutes the service name ("vomsd").
· t - Substitutes the number of the message type. (see the -logtype
option)
· T - Substitutes the name of the message type. (see the -logtype
option)
· v - Substitutes the number of the message level. (see the -loglevel
option)
· V - Substitutes the name of the message level. (see the -loglevel
option)
The default value for this options is: "%d:%h:%s(%p):%V:%T:%F
(%f:%l):%m"
-logdateformat str
This option sets the format used to print the date. The format is the
same used by the strftime(3) function, and its default value is: "%c".
-debug
This option puts the server into debug mode. This mode automatically
implies -loglevel 5. Also, this option hurts scalability and is not
suggested in a production environment
-sqlloc /path/file
This option specifies the full path for the DB access library. Please
note that there is no default for this option!
-socktimeout num
This option sets the amount of time, in seconds, after which the server
will drop an inactive connection. The default is 60 seconds.
-maxlog num
This options sets the maximum size of a log file. Please note that this
size is approximate, and may be exceeded by a few thousand bytes. In
any case, when the specified amount is surpassed, logfiles are rotated.
The default is 10Mb
-newformat
This forces the server to generate ACs in the new (correct) format.
This is meant as a compatibility feature to ease migration while the
servers upgrade to the new version.
-skipcacheck
This option, if specified, forces voms to drop some of the checks done
as the authorization step before AC creation. Specifically, voms will
no longer be capable of distinguishing to certificates with the same DN
but different issuers. For obvious reasons, use of this option is
discouraged. Note also that activating this option requires a previous
check by the voms server administrator that there are no certificates
registered in the DB which the same DN and different issuers. If there
are, the result of a voms-proxy-init command for one of those users
will be unpredictable.
BUGS
EGEE Bug Tracking Tool[1]
SEE ALSO
voms-proxy-init(1), voms-proxy-info(1), voms-proxy-destroy(1)
EDT Auth Home page[2]
CVSweb[3]
RPM repository[4]
AUTHORS
Vincenzo Ciaschini Vincenzo.Ciaschini@cnaf.infn.it.
Valerio Venturi Valerio.Venturi@cnaf.infn.it.
COPYRIGHT
Copyright (c) Members of the EGEE Collaboration. 2004. See the
beneficiaries list for details on the copyright holders.
Licensed under the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License. You may obtain
a copy of the License at
www.apache.org/licenses/LICENSE-2.0[5]
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied. See the License for the specific language governing
permissions and limitations under the License.
NOTES
1. EGEE Bug Tracking Tool
https://savannah.cern.ch/projects/jra1mdw/
2. EDT Auth Home page
http://grid-auth.infn.it
3. CVSweb
http://datagrid.in2p3.fr/cgi-bin/cvsweb.cgi/Auth/voms
4. RPM repository
http://datagrid.in2p3.fr/distribution/autobuild/i386-rh7.3
5. www.apache.org/licenses/LICENSE-2.0
http://www.apache.org/licenses/LICENSE-2.0