On Jun 26, 2008, at 11:30 AM, Steven Timm wrote:
Seeing that this machine is a Xen instance after all, we can make as many ethx interfaces as we want, and could put the service IP on a different subnet and give it its own default route. would that help us out?
That's the only thing that sounds to me like it is likely to change the source of the notification message.
Also, would changing the IP in the configuration as mentioned below
No, that's equivalent to setting GLOBUS_HOSTNAME as you're doing now.
--and why does it work, at least as long as we are not delegating or streaming, from within the same machine?
Because then all communication between the client and server are initiated by the client, who performs authz based on the IP address it was trying to contact. I think delegation alone (-J/-S) should work, but streaming definitely involves the container contacting the client, and has the client perform authz based on the source IP used to contact it. It's possible that delegation involves such a contact also; if it does, that's why that doesn't work.
Charles
