The skip-ca-check parameter in VOMS Admin changes the definition of what a unique user is in VOMS. When skip-ca-check is false, no two users can share the same certificate (subject,issuer) couple. When skip-ca-check is true, no two users can share the same certificate subject.

All operations dealing with certificates (user creation, certificate requests etc.) must follow the same logic, and proper consistency checks must be in place.

As an example, when skip-ca-check is true it shouldn't be possible to manually create a two users with the same certificate subject, while VOMS Admin 3.4.2 allows this, mainly because the creation logic isn't aware of the change in the lookup policy.