From: Charles Bacon <[EMAIL PROTECTED]>
Date: Fri, 14 Mar 2008 14:48:08 -0500
> On Mar 13, 2008, at 3:26 AM, Masato Asou wrote:
>
> >> Any reason you're using proxies to start the container
> >> instead of host certs?
> >
> > I have no root account. I want to start a container with its own
> > certificate and to use it.
> >
> > GT4.0.5 works fine -streaming. Why GT4.0.6 does not work?
> > Were some changed?
>
> I don't know why the RFT isn't getting the subject expectation from
> what you're providing to globusrun-ws. However, I will point out
> that you don't need root to request a containercert. You can edit
> $GLOBUS_LOCATION/etc/globus_wsrf_core/globus_security_descriptor.xml
> to point it at a hostcert that does not live in /etc. Perhaps that
> will help you work around this problem.
I have already read the following document.
http://www.globus.org/toolkit/docs/4.0/admin/docbook/ch11.html#s-wsgram-admin-configuring-nondefault
2.2.1. Non-default Credentials
To run the container using just a user proxy, instead of host
creds, edit the
$GLOBUS_LOCATION/etc/globus_wsrf_core/global_security_descriptor.xml
file, and either comment out the credentials section...
<?xml version="1.0" encoding="UTF-8"?>
<securityConfig xmlns="http://www.globus.org";>
<!--
<credential>
<key-file value="/etc/grid-security/containerkey.pem"/>
<cert-file value="/etc/grid-security/containercert.pem"/>
<credential>
-->
<gridmap value="/etc/grid-security/grid-mapfile"/>
<securityConfig>
Running in personal mode (user proxy), another GRAM configuration
setting is required. For GRAM to authorize the RFT service when
performing staging functions, it needs to know the subject DN for
verification. Here are the steps:
% cd $GLOBUS_LOCATION/setup/globus
% ./setup-gram-service-common --staging-subject=
"/DC=org/DC=doegrids/OU=People/CN=Stuart Martin 564720"
I have already finished with a setting as above. But -streaming
occurred "Current job state: Failed".
ASOU Masato [EMAIL PROTECTED]
What is Ninf? http://ninf.apgrid.org/
