Hello, Does anyone has an answer to this one?
Regards, Sebastian -------- Original Message -------- Subject: [gt-user] Old-style proxies support Date: Mon, 14 Nov 2011 10:18:05 +0100 From: Sebastian Czechowski <[email protected]> To: [email protected] <[email protected]> Hello all, Dennis van Dok from IGE Project has sent a the following question: Will old-style proxies remain supported in current and upcoming Globus products? Currently it seems that they aren't (see below). ------------------------------------------------------------------------ There is a failure in the authentication layer of the client-server interaction between a recent version of the globus client tools and a recent version of the globus services, when using classic (globus) proxies. Example: voms classic proxy, globus-url-copy from globus-gass-copy-5.7-1 on Ubuntu 11.04, with globus-gridftp-server-progs-3.28-3.el5 on CentOS 5. $ voms-proxy-info -all subject : /O=dutchgrid/O=users/O=nikhef/CN=Dennis van Dok/CN=proxy issuer : /O=dutchgrid/O=users/O=nikhef/CN=Dennis van Dok identity : /O=dutchgrid/O=users/O=nikhef/CN=Dennis van Dok type : proxy strength : 1024 bits path : /user/dennisvd/ige-voms-proxy-classic timeleft : 11:47:33 === VO ige-project.eu extension information === VO : ige-project.eu subject : /O=dutchgrid/O=users/O=nikhef/CN=Dennis van Dok issuer : /C=DE/O=GermanGrid/OU=TU-Dortmund/CN=host/vomrs01.grid.tu-dortmund.de attribute : /ige-project.eu/Role=NULL/Capability=NULL timeleft : 11:47:33 uri : vomrs01.grid.tu-dortmund.de:15011 $ globus-url-copy gsiftp://ve.nikhef.nl/etc/grid-security/grid-mapfile `pwd`/ error: globus_ftp_client: the server responded with an error 530 530-globus_xio: Authentication Error 530-OpenSSL Error: s3_srvr.c:2518: in library: SSL routines, function SSL3_GET_CLIENT_CERTIFICATE: no certificate returned 530-globus_gsi_callback_module: Could not verify credential 530-globus_gsi_callback_module: Can't get the local trusted CA certificate: Cannot find trusted CA certificate with hash 8d759796 in /etc/grid-security/certificates 530 End. Copying the same proxy file to a machine with a gLite 3.2.8 installation (globus-url-copy -version says globus-url-copy: 3.23) and repeating the command works. Initiating the voms proxy to use an RFC style proxy also works: $ voms-proxy-init --bits 1024 --rfc --voms ige-project.eu $ voms-proxy-info -all subject : /O=dutchgrid/O=users/O=nikhef/CN=Dennis van Dok/CN=122854297 issuer : /O=dutchgrid/O=users/O=nikhef/CN=Dennis van Dok identity : /O=dutchgrid/O=users/O=nikhef/CN=Dennis van Dok type : RFC compliant proxy strength : 1024 bits path : /private/home/dennis/src/globustest/ige-voms-proxy-rfc timeleft : 11:43:07 === VO ige-project.eu extension information === VO : ige-project.eu subject : /O=dutchgrid/O=users/O=nikhef/CN=Dennis van Dok issuer : /C=DE/O=GermanGrid/OU=TU-Dortmund/CN=host/vomrs01.grid.tu-dortmund.de attribute : /ige-project.eu/Role=NULL/Capability=NULL timeleft : 11:43:06 uri : vomrs01.grid.tu-dortmund.de:15011 Best regards, Sebastian Czechowski, IGE Project -- Sebastian Czechowski [email protected] IT Project Coordinator GridwiseTech office/fax: +48 12 294 71 20 The Scalability Specialist www.gridwisetech.com --------------------------------------------------------------------
