For some reason you use a host credential (CN=host/fool.man.machine) instead of a user credential. It is unusual but it should work if you add the following mapping between this DN and an existing local username to the file /etc/grid-security/grid-mapfile:

"/O=Grid/OU=GlobusTest/OU=simpleCA-fool.man.machine/CN=host/fool.man.machine" dknight

You can do this using the command:
# $GLOBUS_LOCATION/sbin/grid-mapfile-add-entry -dn \
"/O=Grid/OU=GlobusTest/OU=simpleCA-fool.man.machine/CN=host/fool.man.machine" \
-ln dknight

or manually editing the file /etc/grid-security/grid-mapfile.

How did this happen that you use the host credential as a user credential? How did you get/generate that credential?

Lukasz


On 5/31/11 1:49 PM, Amitav Mohanty wrote:
On 05/31/2011 09:45 PM, Jim Basney wrote:
On 5/31/11 9:35 AM, Amitav Mohanty wrote:
I was wondering why without adding any lines to hosts.allow and
hosts.deny I can have credentials exchanged successfully when both the
server and the client are started on different terminals.
If you run the myproxy-server outside of xinetd, then /etc/hosts.allow
and /etc/hosts.deny have no effect. It's xinetd, not myproxy-server,
that's applying the rules from these files.

-Jim

Well I start myproxy-server on one terminal and myproxy-logon on another. There is a successful transfer of credentials but when I start globus-gridftp-server on another terminal and try

globus-url-copy -dbg -vb gsiftp://localhost:2811/etc/group file:///home/dknight/test.copy

I get errors as follows:

[dknight@fool soc]$ globus-url-copy -dbg -vb gsiftp://localhost:2811/etc/group file:///home/dknight/test.copy
Source: gsiftp://localhost:2811/etc/
Dest:   file:///home/dknight/
  group  ->  test.copy
debug: starting to get gsiftp://localhost:2811/etc/group
debug: connecting to gsiftp://localhost:2811/etc/group

debug: response from gsiftp://localhost:2811/etc/group:
220 fool.man.machine GridFTP Server 3.28 (gcc64dbg, 1297437357-80) [Globus Toolkit 5.0.3] ready.

debug: authenticating with gsiftp://localhost:2811/etc/group
debug: response from gsiftp://localhost:2811/etc/group:
530-Login incorrect. : globus_gss_assist: Gridmap lookup failure: Could not map /O=Grid/OU=GlobusTest/OU=simpleCA-fool.man.machine/CN=host/fool.man.machine
530-
530 End.

debug: fault on connection to gsiftp://localhost:2811/etc/group
debug: data callback, error globus_ftp_client: the server responded with an error, buffer 0x7f00997c7010, length 0, offset=0, eof=true
debug: operation complete

error: globus_ftp_client: the server responded with an error
530 530-Login incorrect. : globus_gss_assist: Gridmap lookup failure: Could not map /O=Grid/OU=GlobusTest/OU=simpleCA-fool.man.machine/CN=host/fool.man.machine
530-
530 End.

The server does not print a line on the terminal.

Regards
Amitav

Reply via email to