On 07/07/2011 02:23 AM, Jim Basney wrote:
Globus Toolkit security depends on servers having valid hostnames. It
looks like maverick needs an entry in /etc/hosts for fool, so you can do
'myproxy-retrieve -v -s fool ...' rather than giving fool's IP address
on the command-line. Currently the hostname lookup for 192.168.1.2 is
failing on maverick.

On 7/6/11 3:39 PM, Amitav Mohanty wrote:
Hello

I created a certificate for my second machine on my first machine using
myproxy-admin-addservice. However, when I try to retrieve it on my
second machine, I get the following error message.

[titu@maverick]>myproxy-retrieve -v -s 192.168.1.2 -k Maverick -l titu
MyProxy v5.4 22 Apr 2011 PAM OCSP
Attempting to connect to 192.168.1.2:7512
Successfully connected to 192.168.1.2:7512
Error getting name of remote party: Could not get peer hostname
Connection refused

I checked /var/log/errors.log on the first machine and found the
following lines.

Jul  7 01:56:32 fool myproxy-server[11920]: Connection from 192.168.1.3
Jul  7 01:56:32 fool myproxy-server[11920]: using trusted certificates
directory /etc/grid-security/certificates
Jul  7 01:56:33 fool myproxy-server[11920]: Exiting: authentication failed

I also check if there were services listening on the ports and it seems
fine.

[root@fool dknight]# netstat -an | grep 7512
tcp        0      0 0.0.0.0:7512            0.0.0.0:*               LISTEN
[root@fool dknight]# netstat -an | grep 2811
tcp        0      0 0.0.0.0:2811            0.0.0.0:*               LISTEN

Do I need to add some edits in the grid-mapfile after running
myproxy-admin-addservice?

Regards
Amitav
Hello

I edited /etc/hosts on both systems to make them aware of the other's hostname and while retrieving I get new error messages as follows.

maverik titu # myproxy-retrieve -v -s fool.man.machine -k Maverick -l titu
MyProxy v5.4 22 Apr 2011 PAM OCSP
Attempting to connect to 192.168.1.2:7512
Successfully connected to fool.man.machine:7512
using trusted certificates directory /etc/grid-security/certificates
no valid credentials found -- performing anonymous authentication
Error authenticating: GSS Major Status: Authentication Failed
GSS Minor Status Error Chain:
globus_gss_assist: Error during context initialization
OpenSSL Error: s3_clnt.c:1059: in library: SSL routines, function SSL3_GET_SERVER_CERTIFICATE: certificate verify failed
globus_gsi_callback_module: Could not verify credential
globus_gsi_callback_module: Can't get the local trusted CA certificate: Untrusted self-signed certificate in chain with hash 93fd916c

I looked in /var/log/messages.log on the first machine and found these lines.

Jul  7 02:52:22 fool myproxy-server[13774]: Connection from 192.168.1.3
Jul 7 02:52:22 fool myproxy-server[13774]: using trusted certificates directory /etc/grid-security/certificates
Jul  7 02:52:22 fool myproxy-server[13774]: Failure: error in myproxy_send()

The line I added to hosts file of first system is as follows.

192.168.1.3     maverick.man.machine    maverick

Regards
Amitav

Reply via email to