Hi Folks,
I'm still a little lost with GSI, but I'm needing to use security and I'm
having no success.
First, a doubt:
I have a simpleCa for a cluster in college, and a usercert there.
I have a simpleCa in my own pc at home, and a usercert here.
I did a service and deployed at college, and I'm trying to run the client at
home, but without success.
How does the college machine trust my home SimpleCA?
I copy my globus_simple_ca_9ccbe187_setup-0.19.tar.gz to the college
machine,
do a
*$GLOBUS_LOCATION/sbin/gpt-build *globus_simple_ca_9ccbe187_setup-0.19.tar.gz
after
*GLOBUS_LOCATION/sbin/gpt-postinstall
after
**$GLOBUS_LOCATION/setup/**globus_simple_ca_9ccbe187_setup/**setup-gsi
*after
adds the DN from my cert at home in grid-mapfile at college?
Is This?????
And another issue:
Myservice interacts with OGSA-DAI, or be, my service is an ogsa-dai client.
Then the environment is this: my user: user01 runs a client for MyService,
and MyService it's like a client to OGSA-DAI.
But I'm using OGSA-DAI activity DeliverToGFTP, that I need to use
GSISecureConversation, specifying limited or full delegation.
I'm doing this with:
conf.setupGSI_SEC_CONV_Encryption();
conf.setupGSI_SEC_CONV_Signature();
conf.setupFullDelegation();
the error:
uk.org.ogsadai.NON_OGSA_DAI_COMPLIANT_ERROR :
org.globus.ftp.exception.ServerException, Server refused performing the
request. Custom message: Bad password. (error code 1) [Nested exception
message: Custom message: Unexpected reply: 530-Login incorrect. :
globus_gss_assist: Gridmap lookup failure: Could not map
/O=Grid/OU=GlobusTest/OU=simpleCA-pc-boys/CN=host/pc-boys
The fact is that I'm getting this error above, 'cause like the container is
running from the globus user, it looks his certificates,
How Do I put to use the certs from my first user: user01, that is running
MyService?
Thanks.
--
"É este um mundo no qual devemos esconder nossas virtudes?"
Willian Shakespeare
****************
Wilson Júnior
****************
