voms - VOMS server
[-foreground] [-port port] [-backlog pnum]
[-logfile file] [-globusid id]
[-globuspwd file] [-passfile file]
[-x509_cert_dir path] [-x509_cert_file file]
[-x509_user_cert file] [-x509_user_key file]
[-x509_user_proxy file] [-dbname name]
[-username name] [-vo name]
[-timeout limit] [-test]
[-conf file] [-uri uri]
[-version] [-code c] [-loglevel lev]
[-logtype type] [-logformat str]
[-logdateformat str] [-debug] [-sqlloc path]
[-compat] [-socktimeout num] [-logmax num]
[-newformat] [-skipcacheck] [-help] [-usage] [-globus version]
[-contactstring contact] [-mysql-port port]
[-mysql-socket socket] [-shortfqans] [-syslog] [-base64]
VOMS - Virtual Organization Membership Service.
For the initial setup of the server, run the voms_install_db script as root.
Options may be specified indifferently with either a "-" or
"--" prefix. Their meaning is the following.
These options print a list of options that the server accepts. They are
Runs part of the server in foreground. Easier debugging.
Listens on port port. The default is 754.
Sets the maximum backlog for the connections. The default is 50.
Selects the file for logging. The default is /ver/log/voms.
These options are supported for backwards compatibility only. They have no
effect, and indeed do not get listed by the -help option.
Reads the password to access the DB from file. The default is to read it
from the console during the server's startup.
These options set the respective variables.
Sets the name of the DB. The default is voms.
Sets the name of the user for the DB login. The default is voms.
Sets the name of the VO that owns this server. The default is
Sets the length of time that the information is valid, measured in seconds. The
default is 86400 seconds (24 hours).
Prints information about the server startup and then exits.
Reads options from the file file. The options must be present one per line
in the format -option[=value], where the value part must be present only if
it is required.
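A configuration file in this format can be checked before the server is started. The following is an added example, not part of the VOMS distribution: it parses the one-option-per-line format and flags the settings this page discourages, recommends or gives no default for. The function names and the sample file contents are constructed for illustration; the option names are those listed in the synopsis.

```python
import re

# Constructed sample file (values are illustrative) in -option[=value] form.
SAMPLE_CONF = """\
--vo=example.vo
-sqlloc=/opt/example/libvomsdb.so
-loglevel=7
-skipcacheck
-debug
"""

# "-" and "--" prefixes are equivalent; the "=value" part is optional.
LINE = re.compile(r"^--?([A-Za-z0-9_][A-Za-z0-9_-]*)(?:=(.*))?$")

def parse_conf(text):
    """Return {option: value or None}; raise ValueError on a malformed line."""
    opts = {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = LINE.match(line)
        if not m:
            raise ValueError(f"line {n}: not in -option[=value] form: {raw!r}")
        opts[m.group(1)] = m.group(2)
    return opts

def audit(opts):
    """Return findings derived only from what this manual page states."""
    findings = []
    if "skipcacheck" in opts:
        findings.append("skipcacheck: same DN under different issuers is not distinguished")
    if "debug" in opts:
        findings.append("debug: hurts scalability, not suggested in production")
    if "sqlloc" not in opts:
        findings.append("sqlloc: has no default and must be set")
    for rec in ("shortfqans", "base64"):
        if rec not in opts:
            findings.append(f"{rec}: recommended but not set")
    level = opts.get("loglevel")
    if level == "1":
        findings.append("loglevel: 1 is LEV_NONE, nothing is logged")
    elif level is not None and level not in ("2", "3", "4"):
        # 5 and any undocumented value both end up as LEV_DEBUG.
        findings.append("loglevel: treated as LEV_DEBUG, logtype forced to 255")
    return findings
```

Running `audit(parse_conf(open(path).read()))` on a real file returns an empty list only when none of these conditions apply.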
Defines the uri of the server that will be included in the generated pseudo
certificate. The default value is hostname:port
Prints information about the server and then exits.
These options are obsolete and only present for backwards compatibility with old
installations. Currently, their values are ignored. Do not specify them in new
Sets the type of messages that will be logged. Acceptable values are:
•1 - STARTUP, print startup
•2 - REQUEST, print messages during the request interpretation phase.
•4 - RESULT, print messages during the result sending phase.
These values can be ORed together to indicate that all the corresponding types of
messages are required. The default value is 255.
Sets the level of verbosity of log messages. Acceptable values are:
•1 - LEV_NONE, do not log
•2 - LEV_ERROR, the default, logs only
•3 - LEV_WARNINGS, logs also warning
•4 - LEV_INFO, logs also general
•5 - LEV_DEBUG, logs also a lot of debug messages. Setting this level of verbosity overwrites the value of the -logtype option to 255.
Higher values include all messages printed by lower ones, and values not
documented here are translated as the highest level possible, LEV_DEBUG.
Sets the format used by the logging system according to a printf-like format
string with the following directives format: %[size][char]
if present, sets the maximum length of the field and char
type of substitution done. Possible values are the following:
•% - Substitutes a plain
•d - Substitutes the date. The date format is specified by the -logdateformat option.
•f - Substitutes the name of the source file that logs the message.
•F - Substitutes the name of the function that logs the message.
•h - Substitutes the hostname of the machine hosting the service.
•l - Substitutes the line number that logs the message.
•m - Substitutes the message
•p - Substitutes the process'
•s - Substitutes the service name
•t - Substitutes the number of the message type. (see the -logtype option)
•T - Substitutes the name of the message type. (see the -logtype option)
•v - Substitutes the number of the message level. (see the -loglevel option)
•V - Substitutes the name of the message level. (see the -loglevel option)
The default value for this option is: "%d:%h:%s(%p):%V:%T:%F
This option sets the format used to print the date. The format is the same used
by the strftime(3) function, and its default value is: "%c".
This option puts the server into debug mode. This mode automatically implies
. Also, this option hurts scalability and is not suggested
in a production environment.
This option specifies the full path for the DB access library. Please note that
there is no default for this option!
This option sets the amount of time, in seconds, after which the server will
drop an inactive connection. The default is 60 seconds.
This option sets the maximum size of a log file. Please note that this size is
approximate, and may be exceeded by a few thousand bytes. In any case, when
the specified amount is surpassed, logfiles are rotated. The default is 10Mb.
This forces the server to generate ACs in the new (correct) format. This is
meant as a compatibility feature to ease migration while the servers upgrade
to the new version.
This option, if specified, forces voms to drop some of the checks done as the
authorization step before AC creation. Specifically, voms will no longer be
capable of distinguishing two certificates with the same DN but different
issuers. For obvious reasons, use of this option is discouraged. Note also
that activating this option requires a previous check by the voms server
administrator that there are no certificates registered in the DB with the
same DN and different issuers. If there are, the result of a voms-proxy-init
command for one of those users will be unpredictable.
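The administrator check required before enabling this option, as an added example that is not part of the VOMS distribution. It assumes the registered certificates have been exported as one subject DN and issuer DN per line, separated by a tab; that export format, the sample DNs and the function names are constructed for illustration, since the DB schema is not shown on this page.

```python
from collections import defaultdict

# Constructed export: "subject DN<TAB>issuer DN", one registered certificate per line.
SAMPLE_EXPORT = (
    "/DC=org/DC=example/CN=Alice Example\t/DC=org/DC=example/CN=Example CA 1\n"
    "/DC=org/DC=example/CN=Bob Example\t/DC=org/DC=example/CN=Example CA 1\n"
    "/DC=org/DC=example/CN=Alice Example\t/DC=net/DC=example/CN=Example CA 2\n"
    "/DC=org/DC=example/CN=Bob Example\t/DC=org/DC=example/CN=Example CA 1\n"
)

def ambiguous_subjects(export_text):
    """Map each subject DN registered under more than one issuer to its issuers."""
    issuers = defaultdict(set)
    for n, line in enumerate(export_text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) != 2:
            raise ValueError(f"line {n}: expected subject<TAB>issuer")
        subject, issuer = (f.strip() for f in fields)
        issuers[subject].add(issuer)
    # Repeated rows with the same issuer are harmless; only differing issuers matter.
    return {dn: sorted(cas) for dn, cas in issuers.items() if len(cas) > 1}

def safe_for_skipcacheck(export_text):
    """True only when no subject DN appears under two different issuers."""
    return not ambiguous_subjects(export_text)
```

Any DN returned by `ambiguous_subjects` identifies users for whom the result of voms-proxy-init would be unpredictable with the option enabled.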
This string specifies information on how to contact the DB server. Its exact
meaning depends on the DB backend used. For MySQL it is the hostname of the
MySQL server, and it defaults to 'localhost'. For Oracle it is
the contactstring of the DB. However, for Oracle it is better to put what
would be the argument of this string into the 'tnsnames.ora'
file and ignore this option.
This option specifies the port on which the MySQL server is listening if it is
different from its 3306 default. This value is ignored for Oracle backends.
MySQL servers may be configured to allow access through a unix-level socket.
This option allows this method of contact to be specified. However, it is almost
always better to contact the server through the port. This option is ignored
for Oracle backends.
This option instructs the server to always generate FQANs in their short form,
i.e. without the /Role=NULL and /Capability=NULL parts. Successive server
versions will make this behaviour the default, and provide an
option to fall back to the longer format. Specifying this
option is recommended.
This option allows log messages to be sent to syslog.
This option instructs the server to use the base64 encoding for its messages,
rather than the in-house encoding. This option will be made the default in
future versions and -nobase64 will be provided to fall back to the
in-house encoding. Specifying this option is recommended.
This option disables logging on the voms specific logfile. Please note that
specifying this option without at the same time specifying -syslog
implies that no logging will take place.
EGEE Bug Tracking Tool
voms-proxy-init(1), voms-proxy-info(1), voms-proxy-destroy(1)
EDT Auth Home page
Vincenzo Ciaschini Vincenzo.Ciaschini@cnaf.infn.it.
Valerio Venturi Valerio.Venturi@cnaf.infn.it.
Copyright (c) Members of the EGEE Collaboration. 2004. See the beneficiaries
list for details on the copyright holders.
Licensed under the Apache License, Version 2.0 (the "License"); you
may not use this file except in compliance with the License. You may obtain a
copy of the License at
Unless required by applicable law or agreed to in writing, software distributed
under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations under