VOMS is a system to classify users that are part of a Virtual Organization (VO) on the base of a set of attributes that will be granted to them upon request and to include that information inside Globus-compatible proxy certificates.
VOMS consists of two main components:
VOMS and VOMS Admin are included in VDT 1.3.0 (in the $VDT_LOCATION/voms directory). They come with all the required supporting software (e.g. MySQL, Tomcat, Java/Perl libraries).
If you are already part of a VO, you can use voms-proxy-init to create a GSI proxy with special permissions that your VO entitles you to. The proxy is fully compatible with the standard Globus proxy format, but it has additional VO-related attributes in it. Grid services that you will subsequently authenticate with may be configured to read these attributes from your proxy and perform decisions based on their values.
When you run voms-proxy-init, it contacts your VO's VOMS server, authenticates to it using your "normal" proxy, receives the VO-specific attributes, and creates a new proxy with these attributes. To specify the name of the VO to contact you use the --voms optin, e.g.:
voms-proxy-init --voms MyProjectvoms-proxy-init finds the address of the server for the given VO (i.e. MyProject) by looking through a series of configuration directories, namely:
NAME SERVER_HOST SERVER_PORT SERVER_DN DESCRIPTIONFor example:
"MyProject" "south.cs.wisc.edu" "12121" "/DC=org/DC=doegrids/OU=Services/CN=south.cs.wisc.edu" "MyProject VO"The administrator(s) of your VO(s) should give you the exact settings.
VOMS Server for MyProject not known!
VOMS is a new VDT component and we're working hard to make the server configuration as simple as possible. Since this is changing rapidly, please see the appropriate per-release documentation for information on setting up a VOMS server.