Poster of Linux kernelThe best gift for a Linux geek


Section: VOMS Server (8) Updated: 11/03/2010
Local index Up


voms - VOMS server  


voms [-foreground] [-port port] [-backlog pnum] [-logfile file] [-globusid id] [-globuspwd file] [-passfile file] [-x509_cert_dir path] [-x509_cert_file file] [-x509_user_cert file] [-x509_user_key file] [-x509_user_proxy file] [-dbname name] [-username name] [-vo  name] [-timeout  limit] [-test] [-conf  file] [-uri  uri] [-version] [-code c] [-loglevel lev] [-logtype type] [-logformat str] [-logdateformat str] [-debug] [--sqlloc path] [--compat] [--socktimeout num] [--maxlog num] [--newformat] [--skipcacheck]


VOMS - Virtual Organization Membership Service.

For the initial setup of the server, run the voms_install_db script as root.  


Options may be specified indifferently with either a "-" or "--" prefix. Their meaning is the following.


Runs part of the server in foreground. Easier debugging.

-port port

Listens on port port. The default is 754.

-backlog num

Sets the maximum backlof for the connections. The default is 50.

-logfile file

Selects the file for logging. The default is /ver/log/voms.

-globusid id

Sets the server's id. The default is the cert's subject.

-globuspwd file

Sets the globuspwd variable.

-passfile file

Reads the password to access the DB from file. The default is to read it from the console during server's startup.

-x509_cert_dir path

-x509_cert_file file

-x509_user_cert file

-x509_user_key file

-x509_user_proxy file

These options set the respective variables.

-dbname name

Sets the name of the DB. Default voms.

-username name

Sets the name of the user for the DB login. The default is voms.

-vo name

Sets the name of the VO that owns this server. The default is unspecified.

-timeout limit

Sets the length of time that the information is valid, measured in secods. The default is 86400 seconds (24 hours).


Prints information about the server startup and then exits.

-conf file

Reads option from the file file. The options must be present one per line in the format -option[=value] where the value part must obviously be present only if it is required.

-uri uri

Defines the uri of the server that will be included in the generated pseudo certificate. The default value is hostname:port


Prints information about the server and then exits.

-code c

Defines a subset of AC serial numbers to be used in case multiple servers share the same host certificate. If not specified, this is the same as the port number

-logtype type

Sets the type of messages that will be loggged. Acceptable values are:

• 1 - STARTUP, print startup messages.

• 2 - REQUEST, print messages during the request interpretation phase.

• 4 - RESULT, print messages during the result sending phase.

This values can be ORed together to indicate that all the corresponding types of messages are required. The default values is 255.

-loglevel lev

Sets the level of verbosity of log messages. Acceptable values are:

• 1 - LEV_NONE, do not log anything.

• 2 - LEV_ERROR, the default, logs only error conditions.

• 3 - LEV_WARNINGS, logs also warning messages.

• 4 - LEV_INFO, logs also general informational messages.

• 5 - LEV_DEBUG, logs also a lot of debug messages. Setting this level of verbosity overwrites the value of the -logtype option to 255.

Higher values include all messages printed by lower ones, and values not documented here are translated as the highest level possible, LEV_DEBUG

-logformat str

Sets the format used by the loggin system according toa printf-like format string with the following directives format: \%[size][char] where size, if present, sets the maximum length of the field and char selects the type of substitution done. Possible values are the following:

• % - Substitutes a plain '%'.

• d - Substitutes the date. The date format is specified by the -logdateformat option.

• f - Substitutes the name of the source file that logs the message.

• F - Substitutes the name of the function that logs the message.

• h - Substitutes the hostname of the machine hosting the service.

• l - Substitutes the line number that logs the message.

• m - Substitutes the message proper.

• p - Substitutes the process' pid.

• s - Substitutes the service name ("vomsd").

• t - Substitutes the number of the message type. (see the -logtype option)

• T - Substitutes the name of the message type. (see the -logtype option)

• v - Substitutes the number of the message level. (see the -loglevel option)

• V - Substitutes the name of the message level. (see the -loglevel option)

The default value for this options is: "%d:%h:%s(%p):%V:%T:%F (%f:%l):%m"

-logdateformat str

This option sets the format used to print the date. The format is the same used by the strftime(3) function, and its default value is: "%c".


This option puts the server into debug mode. This mode automatically implies -loglevel 5. Also, this option hurts scalability and is not suggested in a production environment

-sqlloc /path/file

This option specifies the full path for the DB access library. Please note that there is no default for this option!

-socktimeout num

This option sets the amount of time, in seconds, after which the server will drop an inactive connection. The default is 60 seconds.

-maxlog num

This options sets the maximum size of a log file. Please note that this size is approximate, and may be exceeded by a few thousand bytes. In any case, when the specified amount is surpassed, logfiles are rotated. The default is 10Mb


This forces the server to generate ACs in the new (correct) format. This is meant as a compatibility feature to ease migration while the servers upgrade to the new version.


This option, if specified, forces voms to drop some of the checks done as the authorization step before AC creation. Specifically, voms will no longer be capable of distinguishing to certificates with the same DN but different issuers. For obvious reasons, use of this option is discouraged. Note also that activating this option requires a previous check by the voms server administrator that there are no certificates registered in the DB which the same DN and different issuers. If there are, the result of a voms-proxy-init command for one of those users will be unpredictable.  


m[blue]EGEE Bug Tracking Toolm[][1]  


voms-proxy-init(1), voms-proxy-info(1), voms-proxy-destroy(1)

m[blue]EDT Auth Home pagem[][2]


m[blue]RPM repositorym[][4]  


Vincenzo Ciaschini

Valerio Venturi  


Copyright (c) Members of the EGEE Collaboration. 2004. See the beneficiaries list for details on the copyright holders.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at


Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.  


EGEE Bug Tracking Tool
EDT Auth Home page
RPM repository




This document was created by man2html, using the manual pages.
Time: 22:02:37 GMT, April 16, 2011