[myproxy-announce] MyProxy 4.7 released

Jim Basney jbasney at ncsa.uiuc.edu
Wed May 6 15:09:43 CDT 2009

MyProxy 4.7 is now available from the MyProxy web site

SHA1 checksum:
4e7a0fcf9de8599cb2a344cf3639d5baabdf9df7  myproxy-4.7.tar.gz
MD5 checksum:
dcc24f8801a11c03f8a13e028566ea2c  myproxy-4.7.tar.gz

Changes in this release:
  - in myproxy-get-trustroots and myproxy-logon -T, update files
    atomically (using rename) rather than overwriting
  - add myproxy-get-trustroots.cron example for keeping
    /etc/grid-security/certificates up-to-date
  - support linking against flavored VOMS libraries
  - fix "self-authorization" check for CA requests
  - check certificate requests and issued certificates in the CA:
    - add certificate_request_checker and certificate_issuer_checker
      options in myproxy-server.config for specifying call-outs
      before and after the MyProxy CA signs certificates
    - example myproxy-cert-checker and myproxy-certreq-checker
      call-outs are installed in $GLOBUS_LOCATION/share/myproxy
    - only accept RSA keys in certificate requests
    - don't allow RSA exponents < 65537
    - add min_keylen option in myproxy-server.config for specifying a
      minimum allowed RSA key length
  - add syslog_facility option in myproxy-server.config to configure
    the myproxy-server to log to the specified syslog facility; the
    default is the "daemon" facility
  - added an example in myproxy-accepted-credentials-mapapp
    of how to ban users (http://myproxy.ncsa.uiuc.edu/blacklist.html)
  - added myproxy-admin-query -o option to query by owner DN
  - replace fixed-length buffer in read_data_file() (credential
    repository file parser) with dynamically-sized buffer to support
    credentials with policies longer than 511 characters
  - added certificate_serial_skip in myproxy-server.config to support
    staggered serial numbers across multiple CA instances
  - added certificate_issuer_hashalg in myproxy-server.config to
    configure the MyProxy CA to issue certificates using SHA-2 hash
    algorithms (SHA-224, SHA-256, SHA-384, SHA-512) rather than SHA-1
    (the default). Requires OpenSSL 0.9.8 or later.

We appreciate your feedback on the MyProxy software.  Please submit bug
reports, feature requests, etc., to <http://bugzilla.globus.org/>.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3116 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.globus.org/pipermail/myproxy-announce/attachments/20090506/b862aca8/attachment.bin>

More information about the myproxy-announce mailing list