Hi John,

You are the second person to mention this, and this sounds like just what I 
need. I'll report back on my progress.

You bring up an interesting point regarding the globus user. According to the
Simple CA instructions, I should create a "...generic globus account, which
will be used to perform administrative tasks. This user will also be in charge
of managing the SimpleCA. To do this, make sure this account has read and write
permissions in the $GLOBUS_LOCATION directory." I am trying to implement this
on CentOS 6.2, and $GLOBUS_LOCATION is /usr/sbin, which is only writable by
root. That makes it kind of difficult to create a generic, non-privileged user
with the stated necessary write permissions. Can you tell me what needs to be
written to so I can only allow that write access instead of full access to
/usr/sbin?

Thanks!

________________________________
> Date: Wed, 17 Oct 2012 08:37:37 -0500 
> Subject: Re: [gt-user] host certificate request fails 
> From: [email protected] 
> To: [email protected] 
> CC: [email protected] 
>  
> Hi Melvin, 
>  
> Days ago I experienced the same issue that you are facing now, and I 
> think that the problem is in the Globus Toolkit documentation. Here is 
> how I fixed it: 
>  
>    1.  Be sure to run the grid-ca-create command as globus user 
>    2.  This command creates a directory in the globus's home directory  
> (~/.globus/simpleCA) which contains a lot of files that you need to  
> copy in the /etc/grid-security directory. Those files are:  
> globus-host-ssl.conf, globus-user-ssl.conf and grid-security.conf. I  
> also copied signing-policy and grid-ca-ssl.conf but I am not quite sure  
> if they have to be copied too. 
>  
> Run the hostname command and be sure that it returns the FQDN for the 
> machine where you are setting up the gridftp service. 
>  
> Does /etc/grid-security/certificates exist on that machine? 
>  
> On 17 October 2012 08:25, gridftp user <[email protected]> wrote: 
>  
> According to the instructions for setting up the Simple CA  
> (http://globus.org/toolkit/docs/5.2/5.2.2/admin/install/appendix.html#gtadmin-simpleca), 
> I need to request a host certificate by running: 
>     sudo grid-cert-request -host 'hostname' 
>  
> It would have been really nice if the next line explained what value is  
> expected for 'hostname' but the author failed to see a need for this.  
> Assuming it means my host, I entered: 
>     sudo grid-cert-request -host '[email protected]' 
>  
> and got an immediate error: 
>     line 917: /etc/grid-security/grid-security.conf: No such file or directory 
>  
> Searching for that file name on the Globus site, I found a description  
> from the version 4.0 documentation  
> (http://www.globus.org/toolkit/docs/4.0/admin/docbook/ch05.html): 
>     grid-security.conf      A base configuration file that contains the  
> name and email address for the CA. 
>  
> So I created that /etc/grid-security/grid-security.conf file: 
>     root 
>     [email protected] 
>  
> Now sudo grid-cert-request -host '[email protected]' gives another error: 
>     /etc/grid-security/grid-security.conf: line 1: root: command not found 
>     /etc/grid-security/grid-security.conf: line 2: [email protected]: command not found 
>     /usr/bin/grid-cert-request: line 442: /etc/grid-security/globus-host-ssl.conf: No such file or directory 
>  
> So obviously grid-security.conf is not a base configuration file that 
> contains the name and email address for the CA. Is there any chance 
> someone would be willing to take a minute to explain what that file 
> should contain, as well as an example of what should be in 
> /etc/grid-security/globus-host-ssl.conf? I would sure appreciate it. 
>  
> Thanks, 
> Melvin 
>  
>  
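
Added example, not part of the original messages or of the Globus Toolkit: a preflight check for the steps in the quoted reply (the three configuration files, the certificates directory, and the FQDN test). The error output quoted above shows grid-security.conf being interpreted as shell commands by a command run under sudo, so the check also flags copies writable by group or others; the function names and the dot-based FQDN test are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread or from Globus): preflight check to run
# before `grid-cert-request -host`. File names are the ones the reply lists.

REQUIRED_CONF="globus-host-ssl.conf globus-user-ssl.conf grid-security.conf"

# loosely_writable PATH: true if group or others may write to PATH.
loosely_writable() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# check_grid_security DIR: print each problem; return the number found.
check_grid_security() {
    dir=$1
    problems=0
    for f in $REQUIRED_CONF; do
        if [ ! -r "$dir/$f" ]; then
            echo "missing or unreadable: $dir/$f"
            problems=$((problems + 1))
        elif loosely_writable "$dir/$f"; then
            # The thread's error output shows grid-security.conf executed line
            # by line as shell by a sudo command, so loose write bits matter.
            echo "writable by group/others: $dir/$f"
            problems=$((problems + 1))
        fi
    done
    if [ ! -d "$dir/certificates" ]; then
        echo "missing directory: $dir/certificates"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# is_fqdn NAME: assumption: "looks fully qualified" means it has an inner dot.
is_fqdn() {
    case $1 in
        ""|.*|*.) return 1 ;;
        *.*)      return 0 ;;
        *)        return 1 ;;
    esac
}

# Run only when a directory is given, e.g.: sh preflight.sh /etc/grid-security
if [ "$#" -gt 0 ]; then
    rc=0
    check_grid_security "$1" || rc=$?
    is_fqdn "$(hostname)" || { echo "hostname is not an FQDN: $(hostname)"; rc=1; }
    exit "$rc"
fi
```

The check does not look at file ownership; a file owned by the non-privileged globus account is still writable by that account.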
                                          
