Yes it could be bad entry in /etc/hosts.If that is te case then also, after updating /etc/hosts file hostcert need to be recreated. Type hostname command and see whether you get correct hostname on both servers (also check /etc/hosts file and double check hostnames)
Sesha ----- Original Message ---- From: Charles Bacon <[EMAIL PROTECTED]> To: peter ye <[EMAIL PROTECTED]> Cc: Seshachalapathi <[EMAIL PROTECTED]>; [email protected] Sent: Thursday, December 6, 2007 8:18:14 PM Subject: Re: [gt-user] globus_gsi_gssapi: Authorization denied Mismatched keys mean that the cert/key weren't replaced together. Your original problem wasn't a bad hostcert, it's probably a bad entry in /etc/hosts. Finish up the replacement of the certs (the best way is to delete your old cert/key to avoid confusion), then let us know what's in your hosts file for that hostname. Charles On Dec 6, 2007, at 11:37 AM, peter ye wrote: > I reset the hostcert and usercert. However, it now gives another > error: > > [EMAIL PROTECTED]:~/.globus$ globus-url-copy gsiftp:// > hilbert.cs.dal.ca/home/lingyun/gsiftpTest file:///home/lingyun/t/test > > error: globus_ftp_client: the server responded with an error > 530 530-globus_xio: Server side credential failure > 530-globus_gsi_gssapi: Error with gss credential handle > 530-globus_gsi_gssapi: Error with openssl: Couldn't set the private > key to be used for the SSL context > 530-OpenSSL Error: x509_cmp.c:389: in library: x509 certificate > routines, function X509_check_private_key: key values mismatch > 530 End. > > I can telnet via port 2811 but can't gsiftp through. Also, grid- > mapfile matches the identity from grid-proxy-info. Any idea? > > Seshachalapathi <[EMAIL PROTECTED]> wrote: > Hi > > It is first one grid-cert-request -host `hostname` > > And it looks like you haven't created the host certificate > correctly. Create host certificate > correctly and sign and try testing again. > > Cheers > Sesha > > > > From: peter ye <[EMAIL PROTECTED]> > To: [email protected] > Sent: Wednesday, December 5, 2007 9:53:29 PM > Subject: [gt-user] globus_gsi_gssapi: Authorization denied > > Dear all: > When I tried to globus-url-copy sth, it gives an "Authorization > denied" error. Does anyone know what's the problem? > > Also, I get confused while creating host certificate. Is it > > grid-cert-request -host `hostname` > or > grid-cert-request -host hostname > or > grid-cert-request -host 'hostname' ? > > Thanks in advance. > > Peter > > [EMAIL PROTECTED]:~/.globus$ globus-url-copy gsiftp:// > hilbert.cs.dal.ca/home/lingyun/t/test file:///home/lingyun/gsiftpTest > > error: globus_ftp_control: gss_init_sec_context failed > GSS Major Status: Unexpected Gatekeeper or Service Name > globus_gsi_gssapi: Authorization denied: The name of the remote > host (hilbert.cs.dal.ca), and the expected name for the remote host > (hilbert) do not match. This happens when the name in the host > certificate does not match the information obtained from DNS and is > often a DNS configuration problem. > [EMAIL PROTECTED]:~/.globus$ > > Be smarter than spam. See how smart SpamGuard is at giving junk > email the boot with the All-new Yahoo! Mail > All new Yahoo! Mail -Get a sneak peak at messages with a handy > reading pane. > > > Never miss a thing. Make Yahoo your homepage. > > Looking for the perfect gift? Give the gift of Flickr! ____________________________________________________________________________________ Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs
