The "certificate signature failure" message indicates a problem with the
nextuser certificate created by myproxy-admin-adduser. The certificate
should be in /var/lib/myproxy/nextuser.creds. You can use
grid-proxy-init to check the certificate for errors:

    grid-proxy-init -debug -verify \
        -cert /var/lib/myproxy/nextuser.creds \
        -key /var/lib/myproxy/nextuser.creds

If you post the contents between "-----BEGIN CERTIFICATE-----" and
"-----END CERTIFICATE-----" from that file, maybe someone on the list
can identify what's causing the signature failure. However, be careful
not to post the contents between "-----BEGIN RSA PRIVATE KEY-----" and
"-----END RSA PRIVATE KEY-----" to the mailing list.

On 3/23/12 12:18 PM, Lance Westerhoff wrote:
> Hello All-
>
> I am new to Globus, and I'm trying to get my head around the setup. For
> background, our goal with this work is to communicate with PBS/torque jobs
> using Java (such as through a webservice). Through some extensive research,
> it looks like Gridway/Globus is a good choice. So I installed the following
> software:
>
> globus-5.0.4
> gridway-5.8.1
>
> On top of:
> torque-3.0.2
> maui-3.2.6p21
> 152 64bit core CentOS5 cluster
>
> All has been well for some time with torque/maui. And with a lot of work, I
> think I figured out most of the globus/gw install to the point where user
> globus can submit jobs without too much trouble. Granted, the whole
> credential requirement has made this install much harder than it needs to be
> for a small internal cluster, but I think we are there. I can now use
> gwsubmit from the globus user just fine, and jobs go through globus into the
> PBS queue as expected.
>
> However, I can't seem to add users to the list of users able to submit. I
> already emailed the gridway list and they suggest that it is a globus problem
> and that I should email you instead. Here is the process I went through:
>
> [root@cluster]# myproxy-admin-adduser -c "Next User" -l nextuser
> [root@cluster]# grid-mapfile-add-entry -dn
> "/O=Grid/OU=GlobusTest/OU=simpleCA-cluster.host.com/OU=host.com/CN=Next User"
> -ln nextuser
>
> But then I get this when trying to use it:
>
>
> [nextuser@cluster]$ myproxy-logon -v -s cluster.host.com
> MyProxy v5.4 22 Apr 2011 PAM OCSP
> Attempting to connect to 192.168.3.50:7512
> Successfully connected to cluster.host.com:7512
> Expecting non-standard server DN
> "/O=Grid/OU=GlobusTest/OU=simpleCA-cluster.host.com/CN=host/cluster.host.com"
> using trusted certificates directory /etc/grid-security/certificates
> no valid credentials found -- performing anonymous authentication
> server name:
> /O=Grid/OU=GlobusTest/OU=simpleCA-cluster.host.com/CN=host/cluster.host.com
> checking that server name is acceptable...
> server name matches
> "/O=Grid/OU=GlobusTest/OU=simpleCA-cluster.host.com/CN=host/cluster.host.com"
> authenticated server name is acceptable
> Enter MyProxy pass phrase:
> Failed to receive credentials.
> ERROR from myproxy-server:
> X509_verify_cert() failed: certificate signature failure
>
> Compared with the user globus:
>
> [globus@cluster ~]$ myproxy-logon -v -s cluster.host.com
> MyProxy v5.4 22 Apr 2011 PAM OCSP
> Attempting to connect to 192.168.3.50:7512
> Successfully connected to cluster.host.com:7512
> Expecting non-standard server DN
> "/O=Grid/OU=GlobusTest/OU=simpleCA-cluster.host.com/CN=host/cluster.host.com"
> using trusted certificates directory /etc/grid-security/certificates
> server name:
> /O=Grid/OU=GlobusTest/OU=simpleCA-cluster.host.com/CN=host/cluster.host.com
> checking that server name is acceptable...
> server name matches
> "/O=Grid/OU=GlobusTest/OU=simpleCA-cluster.host.com/CN=host/cluster.host.com"
> authenticated server name is acceptable
> Enter MyProxy pass phrase:
> A credential has been received for user globus in /tmp/x509up_u28889.
>
>
> What am I missing in the setup of new users?
>
> Thanks for your help!
>
> -Lance
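
The reply at the top of this message says to share only the certificate block from the combined .creds file and never the private key. The following is an added example, not part of the original messages or of MyProxy: a small script that copies out only the certificate and refuses to produce output if key material would leak. The function names, the output path and the sample contents are assumptions made for illustration; inspect_cert assumes openssl is installed.

```shell
#!/bin/sh
# Added example: copy only the public certificate out of a combined creds file.

# Print only the PEM certificate blocks of file $1.
extract_certs() {
    awk '/^-----BEGIN CERTIFICATE-----/ { in_cert = 1 }
         in_cert                        { print }
         /^-----END CERTIFICATE-----/   { in_cert = 0 }' "$1"
}

# Write the shareable part of $1 to $2. Fails closed: a truncated certificate
# block (missing END line) would let the key run into the output, so the
# result is re-checked and deleted unless it is a clean, complete block.
make_shareable() {
    extract_certs "$1" > "$2"
    if grep -q 'PRIVATE KEY' "$2" || ! grep -q '^-----END CERTIFICATE-----' "$2"; then
        rm -f "$2"
        echo "refusing: output is not a clean certificate block" >&2
        return 1
    fi
}

# Print subject, issuer and validity dates, then verify the chain against the
# trusted CA directory named in the myproxy-logon output.
inspect_cert() {
    openssl x509 -in "$1" -noout -subject -issuer -dates &&
    openssl verify -CApath "${2:-/etc/grid-security/certificates}" "$1"
}

# Constructed sample (placeholder bodies, not a real credential) written to $1.
write_sample() {
    cat > "$1" <<'EOF'
-----BEGIN CERTIFICATE-----
CONSTRUCTEDSAMPLECERTBODY
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
CONSTRUCTEDSAMPLEKEYBODY
-----END RSA PRIVATE KEY-----
EOF
}

# Usage: sh share_cert.sh /var/lib/myproxy/nextuser.creds /tmp/nextuser-cert.pem
if [ "$#" -eq 2 ]; then
    make_shareable "$1" "$2" && cat "$2"
fi
```

Running inspect_cert on the extracted file checks the same certificate without the key ever leaving the credential file.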