What's in /etc/grid-security/grid-mapfile?
Charles
On Aug 28, 2007, at 7:11 AM, <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
wrote:
Creating the active certificates, for
grid-proxy-init -verify -debug
User Cert File: /space/users/globus/.globus/usercert.pem
User Key File: /space/users/globus/.globus/userkey.pem
Trusted CA Cert Dir: /etc/grid-security/certificates
Output File: /tmp/x509up_u1030
Your identity: /O=Grid/OU=GlobusTest/OU=simpleCA-
semantic.info.bt.co.uk/OU=info.bt.co.uk/CN=globus development
Enter GRID pass phrase for this identity:
Creating proxy ................++++++++++++
.....................++++++++++++
Done
Proxy Verify OK
Your proxy is valid until: Wed Aug 29 01:04:06 2007
The url copy then gives the error message of
globus-url-copy gsiftp://semantic.info.bt.co.uk/etc/passwd file:///
tmp/x.y
error: globus_ftp_client: the server responded with an error
530 530-Login incorrect. : globus_gss_assist: Gridmap lookup
failure: Could not map /O=Grid/OU=GlobusTest/OU=simpleCA-
semantic.info.bt.co.uk/OU=info.bt.co.uk/CN=globus development
530-
530 End.
semantic%
Nicholas J. Kings (Nick)
Senior Researcher
Next Generation Web Research, BT Group Chief Technology Office
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of [EMAIL PROTECTED]
Sent: 28 August 2007 12:43
To: [email protected]
Subject: [gt-user] Installing GT4 on a Solaris machine. Mismatched DNS
All,
Can some please help explain the situation, and provide clues? I
am installing GT4 on a Solaris machine that has two different names
mapped to the same IP address. What is the sequence of mapping a
name here?
$ grid-proxy-init -debug -verify
User Cert File: /space/users/globus/.globus/usercert.pem
User Key File: /space/users/globus/.globus/userkey.pem
Trusted CA Cert Dir: /etc/grid-security/certificates
Output File: /tmp/x509up_u1030
Your identity: /O=Grid/OU=GlobusTest/OU=simpleCA-
btbreakfastclub.dev.bt.com/CN=globus development
Enter GRID pass phrase for this identity:
Creating proxy ..........++++++++++++
......................++++++++++++
Done
Proxy Verify OK
Your proxy is valid until: Wed Aug 29 00:29:44 2007
Seems to work fine, however, I get the following error messages.
$ . /space/applications/globus/etc/globus-user-env.sh
$ globus-url-copy gsiftp://semantic/etc/passwd file:///tmp/x.y
error: globus_ftp_control: gss_init_sec_context failed
GSS Major Status: Unexpected Gatekeeper or Service Name
globus_gsi_gssapi: Authorization denied: The name of the remote
host (btbreakfastclub.dev.bt.com), and the expected name for the
remote host (semantic.info.bt.co.uk) do not match. This happens
when the name in the host certificate does not match the
information obtained from DNS and is often a DNS configuration
problem.
$ globus-url-copy gsiftp://btbreakfastclub.dev.bt.com/etc/passwd
file:///tmp/x.y
error: globus_ftp_control: gss_init_sec_context failed
GSS Major Status: Unexpected Gatekeeper or Service Name
globus_gsi_gssapi: Authorization denied: The name of the remote
host (btbreakfastclub.dev.bt.com), and the expected name for the
remote host (semantic.info.bt.co.uk) do not match. This happens
when the name in the host certificate does not match the
information obtained from DNS and is often a DNS configuration
problem.
#
But...
When creating an appropriate set of certificates, with the OU set
to OU=simpleCA-semantic.info.bt.co.uk, globus-url-copy works, I get
the error message of:
counter-client -s https://semantic.info.bt.co.uk:8443/wsrf/services/
CounterService -debug
AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}
Server.userException
faultSubcode:
faultString: GSSException: Failure unspecified at GSS-API level
[Caused by: semantic.info.bt.co.uk: semantic.info.bt.co.uk]
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:Failure unspecified
at GSS-API level. Caused by java.net.UnknownHostException:
semantic.info.bt.co.uk: semantic.info.bt.co.uk
at java.net.InetAddress.getAllByName0(InetAddress.java:1128)
Nicholas J. Kings (Nick)
Senior Researcher
Next Generation Web Research, BT Group Chief Technology Office
_____
British Telecommunications plc
Registered office: 81 Newgate Street London EC1A 7AJ
Registered in England no. 1800000
This electronic message contains information from British
Telecommunications plc which may be privileged or confidential. The
information is intended to be for the use of the individual(s) or
entity named above. If you are not the intended recipient be aware
that any disclosure, copying, distribution or use of the contents
of this information is prohibited. If you have received this
electronic message in error, please notify us by telephone or email
(to the numbers or address above) immediately.
Activity and use of the British Telecommunications plc email system
is monitored to secure its effective operation and for other lawful
business purposes. Communications using this system will also be
monitored and may be recorded to secure effective operation and for
other lawful business purposes.
