VOMS(8) VOMS(8)

voms - VOMS server

voms [-foreground] [-port port] [-backlog pnum] [-logfile file]
[-globusid id] [-globuspwd file] [-passfile file]
[-x509_cert_dir path] [-x509_cert_file file]
[-x509_user_cert file] [-x509_user_key file]
[-x509_user_proxy file] [-dbname name] [-username name]
[-vo name] [-timeout limit] [-test] [-conf file] [-uri uri]
[-version] [-code c] [-loglevel lev] [-logtype type]
[-logformat str] [-logdateformat str] [-debug] [-sqlloc path]
[-compat] [-socktimeout num] [-logmax num] [-newformat]
[-skipcacheck] [-help] [-usage] [-globus version]
[-contactstring contact] [-mysql-port port] [-mysql-socket socket]
[-shortfqans] [-syslog] [-base64] [-nologfile]

VOMS - Virtual Organization Membership Service.

For the initial setup of the server, run the voms_install_db script as root.

Options may be specified interchangeably with either a "-" or a "--" prefix. Their meaning is the following.

-help

-usage

These options print a list of options that the server accepts. They are synonyms.

-foreground

Runs part of the server in foreground. Easier debugging.

-port port

Listens on port port. The default is 754.

-backlog num

Sets the maximum backlog for the connections. The default is 50.

-logfile file

Selects the file for logging. The default is /ver/log/voms.

-globusid id

-globuspwd file

These options are supported for backwards compatibility only. They have no effect, and indeed do not get listed by the -help option.

-passfile file

Reads the password to access the DB from file. The default is to read it from the console during the server's startup.

-x509_cert_dir path

-x509_cert_file file

-x509_user_cert file

-x509_user_key file

-x509_user_proxy file

These options set the respective variables.

-dbname name

Sets the name of the DB. The default is voms.

-username name

Sets the name of the user for the DB login. The default is voms.

-vo name

Sets the name of the VO that owns this server. The default is unspecified.

-timeout limit

Sets the length of time that the information is valid, measured in seconds. The default is 86400 seconds (24 hours).

-test

Prints information about the server startup and then exits.

-conf file

Reads options from the file file. The options must be present one per line in the format -option[=value], where the value part must be present only if the option requires it.

-uri uri

Defines the URI of the server that will be included in the generated pseudo certificate. The default value is hostname:port.

-version

Prints information about the server and then exits.

-code c

-globus version

These options are obsolete and only present for backwards compatibility with old installations. Currently, their values are ignored. Do not specify them in new installations.

-logtype type

Sets the type of messages that will be logged. Acceptable values are:

· 1 - STARTUP, print startup messages.

· 2 - REQUEST, print messages during the request interpretation phase.

· 4 - RESULT, print messages during the result sending phase.

These values can be ORed together to indicate that all the corresponding types of messages are required. The default value is 255.

-loglevel lev

Sets the level of verbosity of log messages. Acceptable values are:

· 1 - LEV_NONE, do not log anything.

· 2 - LEV_ERROR, the default, logs only error conditions.

· 3 - LEV_WARNINGS, logs also warning messages.

· 4 - LEV_INFO, logs also general informational messages.

· 5 - LEV_DEBUG, logs also a lot of debug messages. Setting this level of verbosity overwrites the value of the -logtype option to 255.

Higher values include all messages printed by lower ones, and values not documented here are translated as the highest level possible, LEV_DEBUG.

-logformat str

Sets the format used by the logging system according to a printf-like format string. Directives have the form %[size][char], where size, if present, sets the maximum length of the field and char selects the type of substitution done. Possible values are the following:

· % - Substitutes a plain '%'.

· d - Substitutes the date. The date format is specified by the -logdateformat option.

· f - Substitutes the name of the source file that logs the message.

· F - Substitutes the name of the function that logs the message.

· h - Substitutes the hostname of the machine hosting the service.

· l - Substitutes the line number that logs the message.

· m - Substitutes the message proper.

· p - Substitutes the process' pid.

· s - Substitutes the service name ("vomsd").

· t - Substitutes the number of the message type (see the -logtype option).

· T - Substitutes the name of the message type (see the -logtype option).

· v - Substitutes the number of the message level (see the -loglevel option).

· V - Substitutes the name of the message level (see the -loglevel option).

The default value for this option is: "%d:%h:%s(%p):%V:%T:%F (%f:%l):%m"

-logdateformat str

This option sets the format used to print the date. The format is the same used by the strftime(3) function, and its default value is: "%c".

-debug

This option puts the server into debug mode. This mode automatically implies -loglevel 5. Also, this option hurts scalability and is not suggested in a production environment.

-sqlloc /path/file

This option specifies the full path for the DB access library. Please note that there is no default for this option!

-socktimeout num

This option sets the amount of time, in seconds, after which the server will drop an inactive connection. The default is 60 seconds.

-maxlog num

This option sets the maximum size of a log file. Please note that this size is approximate, and may be exceeded by a few thousand bytes. In any case, when the specified amount is surpassed, logfiles are rotated. The default is 10Mb.

-newformat

This forces the server to generate ACs in the new (correct) format. This is meant as a compatibility feature to ease migration while the servers upgrade to the new version.

-skipcacheck

This option, if specified, forces voms to drop some of the checks done as the authorization step before AC creation. Specifically, voms will no longer be capable of distinguishing two certificates with the same DN but different issuers. For obvious reasons, use of this option is discouraged. Note also that activating this option requires a previous check by the voms server administrator that there are no certificates registered in the DB with the same DN and different issuers. If there are, the result of a voms-proxy-init command for one of those users will be unpredictable.

-contactstring contact

This string specifies information on how to contact the DB server. Its exact meaning depends on the DB backend used. For MySQL it is the hostname of the MySQL server, and it defaults to 'localhost'. For Oracle it is the contactstring of the DB. However, for Oracle it is better to put what would be the argument of this string into the 'tnsnames.ora' file and ignore this option.

-mysql-port port

This option specifies the port on which the MySQL server is listening if it is different from its 3306 default. This value is ignored for Oracle backends.

-mysql-socket socket

MySQL servers may be configured to allow access through a unix-level socket. This option selects that method of contact. However, it is almost always better to contact the server through the port. This option is ignored for Oracle backends.

-shortfqans

This option instructs the server to always generate FQANs in their short form, i.e. without the /Role=NULL and /Capability=NULL parts. Successive server versions will make this behaviour the default, and provide a -noshortfqans option to fall back to the longer format. Specifying this option is recommended.

-syslog

This option allows log messages to be sent to syslog.

-base64

This option instructs the server to use the base64 encoding for its messages, rather than the in-house encoding. This option will be made the default in future versions and -nobase64 will be provided to fall back to the in-house encoding. Specifying this option is recommended.

-nologfile

This option disables logging on the voms specific logfile. Please note that specifying this option without at the same time specifying -syslog implies that no logging will take place.

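The -conf file format and the cautions attached to -skipcacheck, -debug, -nologfile, -loglevel and the recommended options can be checked mechanically. The following is an added example, not part of the VOMS distribution; the sample file is constructed, and treating "#" lines as comments is an assumption the page does not state.

```python
# Added example (not project code); "#" comment lines are an assumption.
SAMPLE_CONF = """\
# constructed sample, not taken from a real deployment
--vo=example.vo
--port=15000
-loglevel=9
-skipcacheck
-nologfile
-base64
"""

def parse_conf(text):
    """One -option[=value] per line; "-" and "--" prefixes are equivalent."""
    opts = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not line.startswith("-"):
            raise ValueError(f"line {lineno}: expected -option[=value]: {line!r}")
        name, sep, value = line.lstrip("-").partition("=")
        opts[name.strip()] = value.strip() if sep else None
    return opts

def audit(opts):
    """Return (option, finding) pairs derived from the option descriptions."""
    out = []
    if "skipcacheck" in opts:
        out.append(("skipcacheck", "same DN with different issuers not told apart"))
    if "debug" in opts:
        out.append(("debug", "implies -loglevel 5 and hurts scalability"))
    if "nologfile" in opts and "syslog" not in opts:
        out.append(("nologfile", "no -syslog either, so nothing is logged"))
    level = opts.get("loglevel")
    if level == "1":
        out.append(("loglevel", "LEV_NONE, nothing is logged"))
    elif level is not None and level not in {"2", "3", "4"}:
        out.append(("loglevel", "runs as LEV_DEBUG, -logtype forced to 255"))
    for name in ("shortfqans", "base64"):
        if name not in opts:
            out.append((name, "recommended option is not set"))
    for name in ("code", "globus", "globusid", "globuspwd"):
        if name in opts:
            out.append((name, "obsolete, the value is ignored"))
    return out

if __name__ == "__main__":
    for option, finding in audit(parse_conf(SAMPLE_CONF)):
        print(f"-{option}: {finding}")
```
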
EGEE Bug Tracking Tool: https://savannah.cern.ch/projects/jra1mdw/

voms-proxy-init(1), voms-proxy-info(1), voms-proxy-destroy(1)

EDT Auth Home page: http://grid-auth.infn.it

CVSweb: http://datagrid.in2p3.fr/cgi-bin/cvsweb.cgi/Auth/voms

RPM repository: http://datagrid.in2p3.fr/distribution/autobuild/i386-rh7.3

Vincenzo Ciaschini <Vincenzo.Ciaschini@cnaf.infn.it>.

Valerio Venturi <Valerio.Venturi@cnaf.infn.it>.

Copyright (c) Members of the EGEE Collaboration. 2004. See the beneficiaries list for details on the copyright holders.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.