It sounds like the problem is in the signing policy. Can you verify
that the signing policy is the same on the two different machines?
One difference between 4.0 and 4.2 will be the default type of proxy
created. 4.0 had a nonstandard OID in one location, while 4.2 is
fully RFC compliant by default. You can tell them apart with grid-
proxy-info. The 4.0 style is:
type : Proxy draft (pre-RFC) compliant impersonation proxy
The 4.2 style is:
type : RFC 3820 compliant impersonation proxy
But that should not affect the behavior of the proxy with respect to
verification. I just mention it for completeness.
Charles
On Jul 18, 2008, at 11:27 AM, Kashif Mohammad wrote:
Dear All
We are doing a small experiment in basic level interoperability
between glite and globus. We are using vmware virtual machine and
glite training tool gridseed. In Gridseed we can initiate all the
components of glite and there is CA in the setup which provides Host
Certificate and User Certificate and also creates signing policy
files etc.
I installed gt4.0.0 on a different virtual machine and integrated it
with gridseed and got the certificate from gridseed and ran grid-
proxy-init -debug -verify and proxy was created without any error.
Then I installed gt4.2.0 on a different virtual machine and repeat
the same procedure but this time I got this error when I ran grid-
proxy-init -debug -verfify
ERROR: could not verify the authenticity of the user credential to
generate a proxy from grid-ptoxy-init.c:1013: globus_credential:
Error verifying credential: Failed to verify the credential.
globus_gsi_callback_module: could not verify credential
globus_gsi_callback_module: error with signing policy
globus_gsi_callback_module: error in OLD GAA code: Could not get
policy info: minor status=201
I also ran these test to check the validity of certificate and the
result was OK
openssl verify -CApath /etc/grid-security/certificates
-purpose sslclient ~/.globus/usercert.pem
openssl verify -CApath /etc/grid-security/certificates -purpose
sslserver /etc/grid-security/hostcert.pem
I wanted to know that, what is the difference between gt4.0.0 and
gt4.2.0 grid-proxy-init command, As I found that gt4.0.0 is using
globus_proxy_utils_0.14 and gt4.2.0 is using globus_proxy_utils_2.1.
Is it due to this or gt4.2.0 is using some extra fields.
Can someone explain the difference as I could not get any material
on net regarding it.
Thanks
Mohammad Kashif
INFN, Cagliari, Italy
