thanks. indeed this was a server problem.
Is there a way to know if the problem is server or client sided? sadly
the function names doesn't really show this.
On the server the problem was that when the server was started by the
root user, it wasn't automatically pointing at
/etc/grid-security/certificates but at /root/.globus/certificates as the
strace showed. I think I've misunderstood that part.
Thanks again for your help,
Estani
On 10/28/2010 07:46 PM, Jim Basney wrote:
I see that the call that's failing is gss_accept_sec_context(). That's a
server-side call. (The corresponding client-side call is
gss_init_sec_context().) So I think the issue is the server-side
environment variables, not the client-side. Maybe you need to set
X509_CERT_DIR in the /etc/xinetd.d entry for your gridftp server or
create an /etc/grid-security/certificates directory/symlink for the
server-side to use.
On 10/28/10 10:34 AM, Estanislao Gonzalez wrote:
Hi,
I'm having a headaches understanding how are environmental variables
read and in which order.
I'm running globus-url-copy from the same machine running a grid server
and the user X509_CERT_DIR is apparently not being used...
e...@ipcc-mpi:~$ env | grep 509
X509_CERT_DIR=/pf/k/egon/.globus_ipcc/certificates-esg
X509_USER_PROXY=/pf/k/egon/.globus_ipcc/certificate-file
e...@ipcc-mpi:~$ ll -d $X509_CERT_DIR
drwxr-sr-x 2 egon k204 2048 Oct 22 16:41
/pf/k/egon/.globus_ipcc/certificates-esg/
e...@ipcc-mpi:~$ GLOBUS_ERROR_OUTPUT=1 GLOBUS_ERROR_VERBOSE=1
globus-url-copy -list
'gsiftp://ipcc-mpi.dkrz.de//cmip5/output/MPI-M/ECHAM6-MPIOM-TR/amip/6hr/atmos/6hrPlev/r1i1p1/v20100928/psl/'
globus_error_put():
globus_gsi_system_config.c:globus_i_gsi_sysconfig_check_certfile_unix:4967:
File is not owned by current user: /etc/grid-security/hostcert.pem is
not owned by current user
[...]
500 500-Command failed. : globus_xio_gsi: gss_accept_sec_context failed.
500-globus_gsi_gssapi: Error with gss context
500-globus_gsi_gssapi: Error with GSI credential
500-globus_sysconfig: Could not find a valid trusted CA certificates
directory: The trusted certificates directory could not be found in any
of the following locations:
500-1) env. var. X509_CERT_DIR
500-2) $HOME/.globus/certificates
500-3) /etc/grid-security/certificates
500-4) $GLOBUS_LOCATION/share/certificates
500-
500 End.
Any idea why?
Thanks,
Estani
--
Estanislao Gonzalez
Max-Planck-Institut für Meteorologie (MPI-M)
Deutsches Klimarechenzentrum (DKRZ) - German Climate Computing Centre
Room 108 - Bundesstrasse 45a, D-20146 Hamburg, Germany
Phone: +49 (40) 46 00 94-126
E-Mail: [email protected]
