I see that the call that's failing is gss_accept_sec_context(). That's a server-side call. (The corresponding client-side call is gss_init_sec_context().) So I think the issue is the server-side environment variables, not the client-side. Maybe you need to set X509_CERT_DIR in the /etc/xinetd.d entry for your gridftp server or create an /etc/grid-security/certificates directory/symlink for the server-side to use.
On 10/28/10 10:34 AM, Estanislao Gonzalez wrote: > Hi, > > I'm having a headaches understanding how are environmental variables > read and in which order. > > I'm running globus-url-copy from the same machine running a grid server > and the user X509_CERT_DIR is apparently not being used... > > e...@ipcc-mpi:~$ env | grep 509 > X509_CERT_DIR=/pf/k/egon/.globus_ipcc/certificates-esg > X509_USER_PROXY=/pf/k/egon/.globus_ipcc/certificate-file > e...@ipcc-mpi:~$ ll -d $X509_CERT_DIR > drwxr-sr-x 2 egon k204 2048 Oct 22 16:41 > /pf/k/egon/.globus_ipcc/certificates-esg/ > e...@ipcc-mpi:~$ GLOBUS_ERROR_OUTPUT=1 GLOBUS_ERROR_VERBOSE=1 > globus-url-copy -list > 'gsiftp://ipcc-mpi.dkrz.de//cmip5/output/MPI-M/ECHAM6-MPIOM-TR/amip/6hr/atmos/6hrPlev/r1i1p1/v20100928/psl/' > > globus_error_put(): > globus_gsi_system_config.c:globus_i_gsi_sysconfig_check_certfile_unix:4967: > File is not owned by current user: /etc/grid-security/hostcert.pem is > not owned by current user > [...] > 500 500-Command failed. : globus_xio_gsi: gss_accept_sec_context failed. > 500-globus_gsi_gssapi: Error with gss context > 500-globus_gsi_gssapi: Error with GSI credential > 500-globus_sysconfig: Could not find a valid trusted CA certificates > directory: The trusted certificates directory could not be found in any > of the following locations: > 500-1) env. var. X509_CERT_DIR > 500-2) $HOME/.globus/certificates > 500-3) /etc/grid-security/certificates > 500-4) $GLOBUS_LOCATION/share/certificates > 500- > 500 End. > > Any idea why? > > Thanks, > Estani >