Hi Jim,
Thanks for your answer.
I am performing the GT4.2 Quickstart procedure on a new installation
directory and therefore pcd10238 has no certificates left from another
previous GT installation. I have purged them from ~/.globus.
When I shift right before the "Setting up your security on your first
machine" from GT4.2 Quickstart procedure to the GT4.0.x Quickstart and
proceed from that point on to the end, I succeed to get the certificates
for pcd10238 working. Therefore I thinks it is not a problem with xinetd.
(?)
It seems that there is some step missing in the new procedure (GT4.2
Quickstart).
I've run the grid-proxy-init -debug -verify and I've got the following
messages
[EMAIL PROTECTED]:/home/pcd/10238> grid-proxy-init -debug -verify
ERROR: Couldn't find valid credentials to generate a proxy.
grid_proxy_init.c:557: globus_sysconfig: Error with certificate
filename: The user cert could not be found in:
1) env. var. X509_USER_CERT
2) $HOME/.globus/usercert.pem
3) $HOME/.globus/usercred.p12
[EMAIL PROTECTED]:/home/pcd/10238>
Let me know if you need further info.
Klaus
Jim Basney <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
18/08/2008 23:41
To
[EMAIL PROTECTED]
cc
[email protected]
Subject
Re: [gt-user] myproxy-logon Failed reading length 0 (GT 4.2.0)
I'm not sure what's causing the error, but one thing I notice:
> [EMAIL PROTECTED]:/home/pcd/10238> myproxy-logon -v -s pc222771
> MyProxy v4.2 10 Jan 2008
> Attempting to connect to 10.6.3.209:7512
> using trusted certificates directory
> /sandbox/globus/globus-4.2.0/share/certificates
> Failed reading length 0
> Error authenticating: Connection closed.
I'd expect to see the following in the output above:
"no valid credentials found -- performing anonymous authentication"
It makes me think that perhaps pcd10238 already has a credential (from a
previous GT installation?) and that credential isn't accepted by the
myproxy-server for some reason. Unfortunately, the myproxy-server's
error message isn't very helpful (at least to me).
If pcd10238 does have an existing proxy credential, does it help to run
grid-proxy-destroy before myproxy-logon?
For example, here's the output I get:
$ myproxy-logon -v
MyProxy v4.2 10 Jan 2008 PAM
Attempting to connect to 141.142.15.40:7512
using trusted certificates directory /etc/grid-security/certificates
no valid credentials found -- performing anonymous authentication
server name: /C=US/O=National Center for Supercomputing
Applications/CN=myproxy.ncsa.uiuc.edu
checking that server name is acceptable...
server name does not match "[EMAIL PROTECTED]"
server name matches "[EMAIL PROTECTED]"
authenticated server name is acceptable
Enter MyProxy pass phrase:
A credential has been received for user jbasney in /tmp/x509up_u25555.
The "no valid credentials found" message should appear before the start
of the SSL handshake if there are no credentials available to the
client, and the error seems to be happening during the SSL handshake, so
I'd expect to see that message before the error.
It's also odd that you get different output from myproxy-logon depending
on whether you run the myproxy-server via xinetd or from the
command-line. In the former case, it seems that xinetd is failing to
start the myproxy-server, perhaps because LD_LIBRARY_PATH isn't set or
some other problem with /etc/xinetd.d/myproxy, so the network connection
is closed before the client can ready any bytes. Is there any useful
syslog output for this case?
Sorry all I can offer is guesses...
-Jim
This message is intended solely for the use of its addressee and may
contain privileged or confidential information. If you are not the
addressee you should not distribute, copy or file this message. In this
case, please notify the sender and destroy its contents immediately.
Esta mensagem é para uso exclusivo de seu destinatário e pode conter
informações privilegiadas e confidenciais. Se você não é o destinatário
não deve distribuir, copiar ou arquivar a mensagem. Neste caso, por favor,
notifique o remetente da mesma e destrua imediatamente a mensagem.
