On Wed, Aug 13, 2008 at 2:45 PM, John Bresnahan <[EMAIL PROTECTED]> wrote: > export GLOBUS_GSI_CALLBACK_DEBUG_LEVEL=3 > >> Here's a naive question ... how do I use >> GLOBUS_GSI_CALLBACK_DEBUG_LEVEL with 'globus-crft', is there a doc or >> something you can point me to? I'm just aiming to get a standalone >> GridFTP/RFT service going with the new 'globus-crft' utility at this >> point so I'm not sure how to employ GLOBUS_GSI_CALLBACK_DEBUG_LEVEL >> with that. >> >> Ben-- >> > >
Dunno, that didn't seem to reveal a great deal that I could tell so I'm not going to belabor that right now. Do any of you guys have a description of how the path length relates in numeric constraints (e.g., 0, 1, 2, 3 etc.)? It seems to be my 2nd level CA that's the problem, it's path of "2" appears to be the constraint. Unfortunately my PKI knowledge is grossly limited. I.e., I have a root CA with a path-length of "3" and a 2nd level CA with a path-length of "2"; my 2nd level CA is the one that signed my personal cert. Shouldn't that mean that certificates it issues are capable of signing certs (proxies)? Can I limit or reduce the path-length checking without totally compromising security?
