The "certificate signature failure" message indicates a problem with the nextuser certificate created by myproxy-admin-adduser. The certificate should be in /var/lib/myproxy/nextuser.creds. You can use grid-proxy-init to check the certificate for errors:
grid-proxy-init -debug -verify \ -cert /var/lib/myproxy/nextuser.creds \ -key /var/lib/myproxy/nextuser.creds If you post the contents between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" from that file, maybe someone on the list can identify what's causing the signature failure. However, be careful not to post the contents between "-----BEGIN RSA PRIVATE KEY-----" and "-----END RSA PRIVATE KEY-----" to the mailing list. On 3/23/12 12:18 PM, Lance Westerhoff wrote: > Hello All- > > I am new to Globus, and I'm trying to get my head around the setup. For > background, our goal with this work is to communication with PBS/torque jobs > using Java (such as through a webservice). Through some extensive research, > it looks like Gridway/Globus is a good choice. So I installed the following > software: > > globus-5.0.4 > gridway-5.8.1 > > On top of: > torque-3.0.2 > maui-3.2.6p21 > 152 64bit core CentOS5 cluster > > All has been well for some time with torque/maui. And with a lot of work, I > think I figured out most of the globus/gw install to the point where user > globus can submit jobs without too much trouble. Granted, the whole > credential requirement has made this install much harder then it needs to be > for a small internal cluster, but I think we are there. I can now use > gwsubmit from the globus user just fine, and jobs go through globus into the > PBS queue as expected. > > However, I can't seem to add users to the list of users able to submit. I > already emailed the gridway list and they suggest that it is a globus problem > and that I should email you instead. Here is the process I went through: > > [root@cluster]# myproxy-admin-adduser -c "Next User" -l nextuser > [root@cluster]# grid-mapfile-add-entry -dn > "/O=Grid/OU=GlobusTest/OU=simpleCA-cluster.host.com/OU=host.com/CN=Next User" > -ln nextuser > > But then I get this when trying to use it: > > > [nextuser@cluster]$ myproxy-logon -v -s cluster.host.com > MyProxy v5.4 22 Apr 2011 PAM OCSP > Attempting to connect to 192.168.3.50:7512 > Successfully connected to cluster.host.com:7512 > Expecting non-standard server DN > "/O=Grid/OU=GlobusTest/OU=simpleCA-cluster.host.com/CN=host/cluster.host.com" > using trusted certificates directory /etc/grid-security/certificates > no valid credentials found -- performing anonymous authentication > server name: > /O=Grid/OU=GlobusTest/OU=simpleCA-cluster.host.com/CN=host/cluster.host.com > checking that server name is acceptable... > server name matches > "/O=Grid/OU=GlobusTest/OU=simpleCA-cluster.host.com/CN=host/cluster.host.com" > authenticated server name is acceptable > Enter MyProxy pass phrase: > Failed to receive credentials. > ERROR from myproxy-server: > X509_verify_cert() failed: certificate signature failure > > Compared with the user globus: > > [globus@cluster ~]$ myproxy-logon -v -s cluster.host.com > MyProxy v5.4 22 Apr 2011 PAM OCSP > Attempting to connect to 192.168.3.50:7512 > Successfully connected to cluster.host.com:7512 > Expecting non-standard server DN > "/O=Grid/OU=GlobusTest/OU=simpleCA-cluster.host.com/CN=host/cluster.host.com" > using trusted certificates directory /etc/grid-security/certificates > server name: > /O=Grid/OU=GlobusTest/OU=simpleCA-cluster.host.com/CN=host/cluster.host.com > checking that server name is acceptable... > server name matches > "/O=Grid/OU=GlobusTest/OU=simpleCA-cluster.host.com/CN=host/cluster.host.com" > authenticated server name is acceptable > Enter MyProxy pass phrase: > A credential has been received for user globus in /tmp/x509up_u28889. > > > What am I missing in the setup of new users? > > Thanks for your help! > > -Lance