Is it possible to upgrade to 4.0.8? I believe the diagnostics should
improve for the policy violation, or it should just be fixed.
If you can't upgrade, it sounds like one of the signing policies in
use does not correspond to the subject name being presented. In which
case, I'd be interested in the DN on the server and client sides, as
well as the signing_policy of the corresponding CA.
Charles
On Aug 19, 2008, at 12:24 PM, Roland Luethy wrote:
Hi all,
we are trying to use globus for a project and are having problems
with authorization when submitting jobs. There are several caveats
with
our installation: it is a nonroot installation, version 4.0.6, on a
system with an older globus installation. We removed all environment
variables referring to the older version and set the GLOBUS_PATH,
GLOBUS_LOCATION, GRID_SECURITY_DIR, X509_CERT_DIR and GRIDMAP
variables
to point to our files.
When submitting a job we get the following error:
globusrun-ws -submit -f gramtest -dbg
Submitting job...Failed.
globusrun-ws: Error submitting job
globus_gsi_callback_module: Could not verify credential
globus_gsi_callback_module: Error with signing policy
globus_gsi_callback_module: Error in OLD GAA code: CA policy
violation:
<no reason given>
The corresponding error from the globus server is this:
2008-08-19 10:19:23,495 ERROR container.GSIServiceThread
[ServiceThread-20,process:147] Error processing request
java.io.EOFException
at
org
.globus
.gsi
.gssapi
.net
.impl.GSIGssInputStream.readHandshakeToken(GSIGssInputStream.java:56)
at
org
.globus.gsi.gssapi.net.impl.GSIGssSocket.readToken(GSIGssSocket.java:
60)
at
org
.globus.gsi.gssapi.net.GssSocket.authenticateServer(GssSocket.java:
122)
at
org.globus.gsi.gssapi.net.GssSocket.startHandshake(GssSocket.java:142)
at
org.globus.gsi.gssapi.net.GssSocket.getOutputStream(GssSocket.java:
161)
at
org
.globus
.wsrf.container.GSIServiceThread.process(GSIServiceThread.java:99)
at org.globus.wsrf.container.ServiceThread.run(ServiceThread.java:
291)
Any help is highly appreciated.
Thanks
Roland Luethy
IMPORTANT WARNING: This message is intended for the use of the
person or entity to which it is addressed and may contain
information that is privileged and confidential, the disclosure of
which is governed by
applicable law. If the reader of this message is not the intended
recipient, or the employee or agent responsible for delivering it to
the intended recipient, you are hereby notified that any
dissemination, distribution or copying of this information is
STRICTLY PROHIBITED.
If you have received this message in error, please notify us
immediately
by calling (310) 423-6428 and destroy the related message. Thank
You for your cooperation.
