On 07/07/2011 03:39 AM, Jim Basney wrote:
I edited /etc/hosts on both systems to make them aware of the other's
hostname and while retrieving I get new error messages as follows.
Yes, that is progress.
maverik titu # myproxy-retrieve -v -s fool.man.machine -k Maverick -l titu
MyProxy v5.4 22 Apr 2011 PAM OCSP
Attempting to connect to 192.168.1.2:7512
Successfully connected to fool.man.machine:7512
using trusted certificates directory /etc/grid-security/certificates
no valid credentials found -- performing anonymous authentication
Error authenticating: GSS Major Status: Authentication Failed
GSS Minor Status Error Chain:
globus_gss_assist: Error during context initialization
OpenSSL Error: s3_clnt.c:1059: in library: SSL routines, function
SSL3_GET_SERVER_CERTIFICATE: certificate verify failed
globus_gsi_callback_module: Could not verify credential
globus_gsi_callback_module: Can't get the local trusted CA certificate:
Untrusted self-signed certificate in chain with hash 93fd916c
In the quickstart guide
http://www.globus.org/toolkit/docs/latest-stable/admin/quickstart/#q-second
there's a step to copy your $GLOBUS_LOCATION/share/certificates
directory from the first machine to the second machine where the CA
certificate with hash 93fd916c should be found.
However, on maverik it appears you have an
/etc/grid-security/certificates directory that is overriding your
$GLOBUS_LOCATION/share/certificates directory, so you need to copy the
93fd916c.* files from fool to your /etc/grid-security/certificates
directory on maverik for the CA certificate to be trusted.
Thank you. It solved my issue.
You can ignore the "WARNING: cert_dir not specified" and "Error
initializing one or more Usage Stat target(s)" messages from the
myproxy-server. I don't think they'll cause you any problems.
After receiving the pem files, when I tried myproxy-destroy from my second
system I get the following messages.
maverik titu # myproxy-destroy -v -s fool.man.machine -k maverick.man.machine -l
titu
MyProxy v5.4 22 Apr 2011 PAM OCSP
Attempting to connect to 192.168.1.2:7512
Successfully connected to fool.man.machine:7512
using trusted certificates directory /home/titu/soc/gt/share/certificates
server name:
/O=Grid/OU=GlobusTest/OU=simpleCA-fool.man.machine/CN=host/fool.man.machine
checking that server name is acceptable...
server name matches "[email protected]"
authenticated server name is acceptable
ERROR from myproxy-server:
Credentials not owned by
"/O=Grid/OU=GlobusTest/OU=simpleCA-fool.man.machine/OU=man.machine/CN=Maverick".
From the log files, I got the following on my first system.
Jul 7 03:21:26 fool myproxy-server[1422]: myproxy-server v5.4 22 Apr 2011 PAM
OCSP starting at Thu Jul 7 03:21:26 2011
Jul 7 03:21:26 fool myproxy-server[1422]: reading configuration file
/etc/myproxy-server.config
Jul 7 03:21:26 fool myproxy-server[1422]: WARNING: cert_dir not specified in
config file. No trustroots can be returned to clients!
Jul 7 03:21:26 fool myproxy-server[1422]: Processing usage_stats_target
(usage-stats.cilogon.org:4810)
Jul 7 03:21:26 fool myproxy-server[1422]: USAGE-STATS: Error initializing
(usage-stats.cilogon.org:4810) (VvtrlLB)
Jul 7 03:21:26 fool myproxy-server[1422]: Error initializing one or more Usage
Stat target(s)! But continuing ...
Jul 7 03:21:26 fool myproxy-server[1422]: using storage directory /var/myproxy
Jul 7 03:21:26 fool myproxy-server[1422]: Starting myproxy-server on
localhost:7512...
Regards
Amitav
