Hi, Yu
the content of
$GLOBUS_LOCATION/etc/metascheduler/ms-security-config.xml file is
<securityConfig xmlns="http://www.globus.org";>
<auth-method>
<GSISecureConversation/>
</auth-method>
<authz value="gridmap"/>
<gridmap value="/etc/grid-security/grid-mapfile"/>
</securityConfig>
and if i change <authz value="gridmap"/> to <authz value="self"/>
when i run CSF, the output will be like this
[EMAIL PROTECTED] ~]$ csf-job-create rsl
$GLOBUS_LOCATION/docs/metascheduler/examples/gram_job.xml job1
RemoteEx catched! Create Job error!
org.globus.wsrf.impl.security.authorization.exceptions.AuthorizationException:
"/O=Grid/OU=GlobusTest/OU=simpleCA-node1/CN=leo" is not authorized to use
operation:
{http://www.platform.com/namespaces/2003/05/metascheduler/job}createResource on
this service
so how can i configure the file? thanks a lot.
Best regards!
======= 2007-08-30 17:49:34 您在来信中写道:=======
>I didn't use CSF before, from globus document, it same that CSF is a
>kind of service provide task schedular function. So if you can find
>the file security-config.xml under the directory
>$GLOBUS_LOCATION/etc/metascheduler or some others related with CSF.
>Edit security-config.xml for your will. For examples,if you want a
>"self" mode authorization
>add a line or change a line like this:
><authz value="self">
>and do not forget to have a copy before your modification:)
>It same like this, Try.
>
>在 07-8-30,丁涛<[EMAIL PROTECTED]> 写道:
>> hi,Yu
>>
>> actually i run "rft" locally.
>> i changed /etc/hosts like "127.0.0.1 node1" and execute "rft -h node1
>> -f /tmp/rft.xfr" it's OK!
>> and if i changed /etc/hosts like "202.112.9.201 node1" and execute
>> "rft -h node1 -f /tmp/rft.xfr -z self" it's OK too!
>> but for CSF i can't find a argument like "-z self" to tell the command
>> to expect my own identity.
>> anyway thanks Yu and Charles, you both help me.
>>
>>
>> Best regards!
>>
>>
>> >Is 202.112.9.201 your local IP address? and do you exectue the "rft"
>> >command locally? If it is, try to delete the line "202.112.9.201
>> >node1" in your /etc/hosts and maybe write an other line "127.0.0.1
>> >localhost ". This maybe function....
>> >
>> >I meet this kind of problem before,but dose not remember the detail
>> >solution for every kind. This kind of problem occured often by two
>> >kinds of aspects: one is about server-side authorization
>> >mode(self,host or identity), the other is the conversion between IP
>> >and Domain Name problem.
>> >
>> >
>> >在 07-8-29,丁涛<[EMAIL PROTECTED]> 写道:
>> >> hi, Charles
>> >>
>> >>
>> >> in my /etc/hosts file, there is nothing but the real IP address and
>> >> node1.
>> >> like
>> >> 202.112.9.201 node1
>> >>
>> >>
>> >>
>> >> Best regards!
>> >>
>> >> ======= 2007-08-29 22:49:38 您在来信中写道:=======
>> >>
>> >> >In your first example, it looks like you started the container as
>> >> >yourself by hand. Now it looks like you started the container with
>> >> >the host certificates. The trouble now is that a reverse lookup on
>> >> >node1's IP address is returning localhost. Make sure your /etc/hosts
>> >> >file doesn't have any entries like:
>> >> >127.0.0.1 node1
>> >> >
>> >> >
>> >> >Charles
>> >> >
>> >> >On Aug 29, 2007, at 5:29 AM, 丁涛 wrote:
>> >> >
>> >> >> hi,Charles
>> >> >>
>> >> >> thanks for your reply. but it didn't work.and the output below
>> >> >> isn't like before.
>> >> >> and csf still didn't work. why this happen?
>> >> >>
>> >> >> [EMAIL PROTECTED] ~]$ rft -h node1 -f /tmp/rft.xfr -z self
>> >> >> Number of transfers in this request: 1
>> >> >> Subscribed for overall status
>> >> >> Termination time to set: 60 minutes
>> >> >>
>> >> >> Overall status of transfer:
>> >> >> Finished/Active/Failed/Retrying/Pending
>> >> >> 0/0/1/0/0
>> >> >> Error:Error authenticating user at source/dest hostAuthentication
>> >> >> failed [Caused by: Operation unauthorized (Mechanism level:
>> >> >> Authorization failed. Expected "/CN=host/localhost" target but
>> >> >> received "/O=Grid/OU=GlobusTest/OU=simpleCA-node1/CN=host/node1")]
>> >> >> [Caused by: Authentication failed [Caused by: Operation
>> >> >> unauthorized (Mechanism level: Authorization failed. Expected "/
>> >> >> CN=host/localhost" target but received "/O=Grid/OU=GlobusTest/
>> >> >> OU=simpleCA-node1/CN=host/node1")]]
>> >> >> All Transfers failed
>> >> >>
>> >> >> Best regards!
>> >> >>
>> >> >> ======= 2007-08-28 23:03:24 您在来信中写道:=======
>> >> >>
>> >> >>> For the rft -h node1, you'll need to add something telling the
>> >> >>> command to expect your own identity.
>> >> >>>
>> >> >>> $ rfh -h node1 -f /tmp/rft.xfr -z self
>> >> >>>
>> >> >>> should work. For globusrun-ws, try -self.
>> >> >>>
>> >> >>>
>> >> >>> Charles
>> >> >>>
>> >> >>> On Aug 28, 2007, at 4:42 AM, Ding Tao wrote:
>> >> >>>
>> >> >>>> hi, all
>> >> >>>>
>> >> >>>> when i rum $rft -h node1 -f /tmp/rft.xfr and $csf-job-status
>> >> >>>> job1, i meet the same problem which shows below.
>> >> >>>>
>> >> >>>> 2007-09-04 09:46:49,378 ERROR delegation.DelegationUtil
>> >> >>>> [main,getCertificateChainRP:558]
>> >> >>>> org.globus.common.ChainedIOException: Authentication failed [Caused
>> >> >>>> by: Operation unauthorized (Mechanism level: Authorization failed.
>> >> >>>> Expected "/CN=host/node1" target but received "/O=Grid/
>> >> >>>> OU=GlobusTest/OU=simpleCA-node1/CN=leo")]
>> >> >>>>
>> >> >>>> my /etc/grid-security/grid-mapfile is "/O=Grid/OU=GlobusTest/
>> >> >>>> OU=simpleCA-node1/CN=leo" guser
>> >> >>>>
>> >> >>>> these are output of grid-proxy-info
>> >> >>>> [EMAIL PROTECTED] ~]$ grid-proxy-info
>> >> >>>> subject : /O=Grid/OU=GlobusTest/OU=simpleCA-node1/CN=leo/
>> >> >>>> CN=1342777527
>> >> >>>> issuer : /O=Grid/OU=GlobusTest/OU=simpleCA-node1/CN=leo
>> >> >>>> identity : /O=Grid/OU=GlobusTest/OU=simpleCA-node1/CN=leo
>> >> >>>> type : Proxy draft (pre-RFC) compliant impersonation proxy
>> >> >>>> strength : 512 bits
>> >> >>>> path : /tmp/x509up_u505
>> >> >>>> timeleft : 11:59:49
>> >> >>>>
>> >> >>>> and i comfirm that i set PATH JAVA_HOME ANT_HOME and run `source
>> >> >>>> $GLOBUS_LOCATION/etc/globus-user-env.sh & source $GLOBUS_LOCATION/
>> >> >>>> etc/globus-devel-env.sh `
>> >> >>>>
>> >> >>>> i know there are sth wrong with authentication but how can i solve
>> >> >>>> this problem.
>> >> >>>>
>> >> >>>> Best regards!
>> >> >>>>
>> >> >>>> -------------------------------------------------------
>> >> >>>> Ding Tao
>> >> >>>> 丁涛
>> >> >>>>
>> >> >>>> Network Information Center,
>> >> >>>> Beijing University of Posts & Telecommunications (BUPT),
>> >> >>>> 10 Xi Tu Cheng Rd.,Beijing,100876,
>> >> >>>> P.R.China
>> >> >>>>
>> >> >>>> 北京邮电大学信息网络中心 邮编100876
>> >> >>>>
>> >> >>>> E-Mail: [EMAIL PROTECTED]
>> >> >>>> -------------------------------------------------------
>> >> >>>>
>> >> >>>> 2007-08-28
>> >> >>
>> >> >> = = = = = = = = = = = = = = = = = = = =
>> >> >>
>> >> >> -------------------------------------------------------
>> >> >> Ding Tao
>> >> >> 丁涛
>> >> >>
>> >> >> Network Information Center,
>> >> >> Beijing University of Posts & Telecommunications (BUPT),
>> >> >> 10 Xi Tu Cheng Rd.,Beijing,100876,
>> >> >> P.R.China
>> >> >>
>> >> >> 北京邮电大学信息网络中心 邮编100876
>> >> >>
>> >> >> E-Mail: [EMAIL PROTECTED]
>> >> >> -------------------------------------------------------
>> >> >>
>> >> >> 2007-08-29
>> >>
>> >> = = = = = = = = = = = = = = = = = = = =
>> >>
>> >> -------------------------------------------------------
>> >> Ding Tao
>> >> 丁涛
>> >>
>> >> Network Information Center,
>> >> Beijing University of Posts & Telecommunications (BUPT),
>> >> 10 Xi Tu Cheng Rd.,Beijing,100876,
>> >> P.R.China
>> >>
>> >> 北京邮电大学信息网络中心 邮编100876
>> >>
>> >> E-Mail: [EMAIL PROTECTED]
>> >> -------------------------------------------------------
>> >>
>> >> 2007-08-29
>> >>
>>
>> = = = = = = = = = = = = = = = = = = = =
>>
>> -------------------------------------------------------
>> Ding Tao
>> 丁涛
>>
>> Network Information Center,
>> Beijing University of Posts & Telecommunications (BUPT),
>> 10 Xi Tu Cheng Rd.,Beijing,100876,
>> P.R.China
>>
>> 北京邮电大学信息网络中心 邮编100876
>>
>> E-Mail: [EMAIL PROTECTED]
>> -------------------------------------------------------
>>
>> 2007-08-30
>>
= = = = = = = = = = = = = = = = = = = =
-------------------------------------------------------
Ding Tao
丁涛
Network Information Center,
Beijing University of Posts & Telecommunications (BUPT),
10 Xi Tu Cheng Rd.,Beijing,100876,
P.R.China
北京邮电大学信息网络中心 邮编100876
E-Mail: [EMAIL PROTECTED]
-------------------------------------------------------
2007-08-30
