On 07/07/2011 02:23 AM, Jim Basney wrote:
Globus Toolkit security depends on servers having valid hostnames. It
looks like maverick needs an entry in /etc/hosts for fool, so you can do
'myproxy-retrieve -v -s fool ...' rather than giving fool's IP address
on the command-line. Currently the hostname lookup for 192.168.1.2 is
failing on maverick.
On 7/6/11 3:39 PM, Amitav Mohanty wrote:
Hello
I created a certificate for my second machine on my first machine using
myproxy-admin-addservice. However, when I try to retrieve it on my
second machine, I get the following error message.
[titu@maverick]>myproxy-retrieve -v -s 192.168.1.2 -k Maverick -l titu
MyProxy v5.4 22 Apr 2011 PAM OCSP
Attempting to connect to 192.168.1.2:7512
Successfully connected to 192.168.1.2:7512
Error getting name of remote party: Could not get peer hostname
Connection refused
I checked /var/log/errors.log on the first machine and found the
following lines.
Jul 7 01:56:32 fool myproxy-server[11920]: Connection from 192.168.1.3
Jul 7 01:56:32 fool myproxy-server[11920]: using trusted certificates
directory /etc/grid-security/certificates
Jul 7 01:56:33 fool myproxy-server[11920]: Exiting: authentication failed
I also check if there were services listening on the ports and it seems
fine.
[root@fool dknight]# netstat -an | grep 7512
tcp 0 0 0.0.0.0:7512 0.0.0.0:* LISTEN
[root@fool dknight]# netstat -an | grep 2811
tcp 0 0 0.0.0.0:2811 0.0.0.0:* LISTEN
Do I need to add some edits in the grid-mapfile after running
myproxy-admin-addservice?
Regards
Amitav
Hello
I edited /etc/hosts on both systems to make them aware of the other's hostname
and while retrieving I get new error messages as follows.
maverik titu # myproxy-retrieve -v -s fool.man.machine -k Maverick -l titu
MyProxy v5.4 22 Apr 2011 PAM OCSP
Attempting to connect to 192.168.1.2:7512
Successfully connected to fool.man.machine:7512
using trusted certificates directory /etc/grid-security/certificates
no valid credentials found -- performing anonymous authentication
Error authenticating: GSS Major Status: Authentication Failed
GSS Minor Status Error Chain:
globus_gss_assist: Error during context initialization
OpenSSL Error: s3_clnt.c:1059: in library: SSL routines, function
SSL3_GET_SERVER_CERTIFICATE: certificate verify failed
globus_gsi_callback_module: Could not verify credential
globus_gsi_callback_module: Can't get the local trusted CA certificate:
Untrusted self-signed certificate in chain with hash 93fd916c
I looked in /var/log/messages.log on the first machine and found these lines.
Jul 7 02:52:22 fool myproxy-server[13774]: Connection from 192.168.1.3
Jul 7 02:52:22 fool myproxy-server[13774]: using trusted certificates directory
/etc/grid-security/certificates
Jul 7 02:52:22 fool myproxy-server[13774]: Failure: error in myproxy_send()
The line I added to hosts file of first system is as follows.
192.168.1.3 maverick.man.machine maverick
Regards
Amitav
