Hi All,
I am wondering if someone can provide me with some information about
the Globus function "globus_gss_assist_init_sec_context".
We have an authorization service and this Globus function is used for
performing the handshake between the service and the client.
We observed that as long as the proxy is delegated up to 4 times, so
that the DN is of the form:
subject : /DC=gov/DC=fnal/O=Fermilab/OU=People/CN=Neha Sharma/CN=UID:neha
or
subject : /DC=gov/DC=fnal/O=Fermilab/OU=People/CN=Neha Sharma/CN=UID:neha/CN=proxy
or
subject : /DC=gov/DC=fnal/O=Fermilab/OU=People/CN=Neha Sharma/CN=UID:neha/CN=proxy/CN=proxy
or
subject : /DC=gov/DC=fnal/O=Fermilab/OU=People/CN=Neha Sharma/CN=UID:neha/CN=proxy/CN=proxy/CN=proxy
or
subject : /DC=gov/DC=fnal/O=Fermilab/OU=People/CN=Neha Sharma/CN=UID:neha/CN=proxy/CN=proxy/CN=proxy/CN=proxy
everything works fine.
However, if it is delegated a 5th time and above, so that the DN in the
proxy now has an extra "CN=proxy", the client hangs on the handshake.
(The DN looks like:
subject : /DC=gov/DC=fnal/O=Fermilab/OU=People/CN=Neha Sharma/CN=UID:neha/CN=proxy/CN=proxy/CN=proxy/CN=proxy/CN=proxy)
The complete handshake function that is being used is below.
As you can see, all it does is invoke the Globus function
"globus_gss_assist_init_sec_context".
So, I am wondering if there is some kind of limitation in this Globus
function, such as a maximum length of user proxy or DN.

    #include "globus_gss_assist.h"

    /* major_status, minor_status, token_status, global_context_handle and
     * socket_in_out_file are not declared in this function; they are
     * assumed to be defined elsewhere in the program. */
    int handshake(gss_cred_id_t credential_handle){
        OM_uint32 ret_flags=0;

        major_status =
            globus_gss_assist_init_sec_context(&minor_status,
                                               credential_handle,
                                               &global_context_handle,
                                               "GSI-NO-TARGET",
                                               // GSS_C_DELEG_FLAG|GSS_C_MUTUAL_FLAG,
                                               GSS_C_MUTUAL_FLAG,
                                               &ret_flags,
                                               &token_status,
                                               globus_gss_assist_token_get_fd,
                                               (void *) socket_in_out_file,
                                               globus_gss_assist_token_send_fd,
                                               (void *) socket_in_out_file);
        if(major_status != GSS_S_COMPLETE){
            logerr("Handshake Failed... major_status != GSS_S_COMPLETE");
            return(GSS_FAILED_HANDSHAKE);
        }
        return(GSS_SUCCESS);
    }

Thanks
-Neha