VOMS Admin server v. 3.4.1

Authenticate users by certificate subject

Now users are correctly authenticated by certificate subject. With default settings, VOMS Admin authenticates clients by looking at the client certificate (subject,issuer) couple. A configuration flag was introduced in VOMS Admin 3.3.2 to authenticate only by certificate subject, but the fix worked only for VO administrators. This problem is now fixed.

For instruction on how to enable this feature, see the VOMS Admin 3.3.2 release notes.

Disable membership expiration notifications

Is now possible to disable membership expiration notifications. This kind of notification do not make sense in deployments, like at CERN, where a VO administrator cannot extend the lifetime of VO members.

To disable membership expiration notifications either:

  • reconfigure the affected VO with voms-configure specifying the --disable-membership-expiration-warnings option
  • set the voms.membership.disable_expiration_warning in /etc/voms-admin/<VO>/service.properties

A restart of the service is required.

Other improvements and fixes are listed below.

Bug fixes

  • VOMS-678 : VOMS Admin skip-ca check does not work as expected for unprivileged VOMS Admin users
  • VOMS-705 : Extend membership expiration time at each sync for VO members with valid, open-ended experiment participation
  • VOMS-706 : Add the ability to disable membership expiration notifications
  • VOMS-707 : Trim whitespace and remove newlines from subject in certificate requests

Installation and configuration

Upgrade from VOMS Admin Server 3.4.0

Update the packages and restart the service.

Upgrade from VOMS Admin Server >= 3.2.0

A database upgrade and a reconfiguration (in this order) are required to upgrade to VOMS Admin server 3.4.1.

Upgrade from earlier VOMS Admin Server versions

First upgrade to VOMS Admin version 3.2.0 and then to 3.4.1.

Clean install

Follow the instructions in the VOMS System Administrator Guide.