Hi all,
I am running the GT 4.2 Quickstart and when I run the myproxy-logon -v -s
<myproxy server node> on step "1.5. Set up GridFTP", I am getting the
following error messages:
[EMAIL PROTECTED]:/home/pcd/10238> myproxy-logon -v -s pc222771
MyProxy v4.2 10 Jan 2008
Attempting to connect to 10.6.3.209:7512
using trusted certificates directory /sandbox/globus/globus-4.2.0/share/certificates
Failed reading length 0
Error authenticating: Connection closed.
After that, I stopped myproxy-server on pc222771.sjk.emb removing it from
the /etc/services file and reloading the xinetd.
I have started myproxy-server with -d option to run it in debug mode and I
got the following messages
[EMAIL PROTECTED]:/home/pcd/10238> myproxy-logon -v -s pc222771.sjk.emb
MyProxy v4.2 10 Jan 2008
Attempting to connect to 10.6.3.209:7512
using trusted certificates directory /sandbox/globus/globus-4.2.0/share/certificates
Error authenticating: GSS Major Status: Authentication Failed
GSS Minor Status Error Chain:
globus_gss_assist: Error during context initialization
globus_gsi_gssapi: Unable to verify remote side's credentials
globus_gsi_gssapi: SSLv3 handshake problems: Couldn't do ssl handshake
OpenSSL Error: s3_pkt.c:1057: in library: SSL routines, function
SSL3_READ_BYTES: sslv3 alert handshake failure SSL alert number 40
[EMAIL PROTECTED]:/home/pcd/10238>
And in the window where I started the myproxy-server -d command:
[EMAIL PROTECTED]:~> myproxy-server -d
myproxy-server v4.2 10 Jan 2008 starting at Mon Aug 18 11:31:36 2008
reading configuration file /etc/myproxy-server.config
using storage directory /sandbox/globus/globus-4.2.0/var/myproxy
Starting myproxy-server on localhost:7512...
Connection from 10.6.3.209
using trusted certificates directory /sandbox/globus/globus-4.2.0/share/certificates
Error authenticating client: GSS Major Status: Authentication Failed GSS
Minor Status Error Chain: globus_gsi_gssapi: SSLv3 handshake problems
OpenSSL Error: a_verify.c:168: in library: asn1 encoding routines,
function ASN1_item_verify: EVP lib OpenSSL Error: rsa_eay.c:676: in
library: rsa routines, function RSA_EAY_PUBLIC_DECRYPT: padding check
failed OpenSSL Error: rsa_pk1.c:100: in library: rsa routines, function
RSA_padding_check_PKCS1_type_1: block type is not 01
Exiting: authentication failed
[EMAIL PROTECTED]:~>
If I run the old procedure of setting up the credentials in the GT 4.0.x
Quickstart, I succeed.
The new procedure seems to be cleaner and faster from the user's point of
view.
Could someone please direct me to fix this issue?
Find attached the file "msg_log_of_quickstart.txt" with the commands
issued to perform the setup of the security.
Regards, Klaus
CREATING THE CERTIFICATES
[EMAIL PROTECTED]:~/gt4.2.0-all-source-installer> perl gt-server-ca.pl -y
Setting up /sandbox/globus/globus-4.2.0
Please enter a password of at least four characters for the CA:
Confirm password:
Creating a new simpleCA, logging to gt-server-ca.log...
Running setup-gsi...
Your CA hash is: dca96308
It is located at /sandbox/globus/globus-4.2.0/share/certificates/dca96308.0
Your host DN is
/O=Grid/OU=GlobusTest/OU=simpleCA-pc222771.sjk.emb/CN=host/pc222771.sjk.emb
The hostcert is located at /sandbox/globus/globus-4.2.0/etc/hostcert.pem
[EMAIL PROTECTED]:~/gt4.2.0-all-source-installer>
CHECKING WHAT WAS CREATED
[EMAIL PROTECTED]:~/gt4.2.0-all-source-installer> ls ~/.globus
simpleCA
[EMAIL PROTECTED]:~/gt4.2.0-all-source-installer> ls ~/.globus/simpleCA/
cacert.pem crl grid-ca-ssl.conf
index.txt.attr newcerts serial
certs globus_simple_ca_dca96308_setup-0.20.tar.gz index.txt
index.txt.old private serial.old
[EMAIL PROTECTED]:~/gt4.2.0-all-source-installer>
MOVING THE SIGNED CERTIFICATE INTO /etc
pc222771:~ # mv $GLOBUS_LOCATION/etc/host*.pem /etc/grid-security/
pc222771:~ #
OR COPYING?
pc222771:~ # cp $GLOBUS_LOCATION/etc/host*.pem /etc/grid-security/
pc222771:~ # ls -l /etc/grid-security
total 12
-rw-r--r-- 1 root root 2696 Aug 18 13:28 hostcert.pem
-rw-r--r-- 1 root root 1386 Aug 18 13:28 hostcert_request.pem
-r-------- 1 root root 887 Aug 18 13:28 hostkey.pem
pc222771:~ #
MAKING THE CONTAINERCERTS OWNED BY globus
pc222771:~ # cd /etc/grid-security
pc222771:/etc/grid-security # ls -l
total 12
-rw-r--r-- 1 root root 2696 Aug 18 13:28 hostcert.pem
-rw-r--r-- 1 root root 1386 Aug 18 13:28 hostcert_request.pem
-r-------- 1 root root 887 Aug 18 13:28 hostkey.pem
pc222771:/etc/grid-security # cp hostcert.pem containercert.pem
pc222771:/etc/grid-security # cp hostkey.pem containerkey.pem
pc222771:/etc/grid-security # chown globus:globus container*.pem
pc222771:/etc/grid-security # ls -l
total 20
-rw-r--r-- 1 globus globus 2696 Aug 18 13:31 containercert.pem
-r-------- 1 globus globus 887 Aug 18 13:31 containerkey.pem
-rw-r--r-- 1 root root 2696 Aug 18 13:28 hostcert.pem
-rw-r--r-- 1 root root 1386 Aug 18 13:28 hostcert_request.pem
-r-------- 1 root root 887 Aug 18 13:28 hostkey.pem
pc222771:/etc/grid-security #
MYPROXY-SERVER WAS CONFIGURED
pc222771:~ # netstat -an | grep 7512
tcp 0 0 0.0.0.0:7512 0.0.0.0:* LISTEN
pc222771:~ # /etc/init.d/xinetd reload
Reload INET services (xinetd). done
pc222771:~ # netstat -an | grep 7512
tcp 0 0 0.0.0.0:7512 0.0.0.0:* LISTEN
pc222771:~ #
GETTING USERCERT FOR pcd10238 (MY USER ACCOUNT)
[EMAIL PROTECTED]:~> myproxy-admin-adduser -c Klaus -l pcd10238
A certificate request and private key is being created.
You will be asked to enter a PEM pass phrase.
This pass phrase is akin to your account password,
and is used to protect your key file.
If you forget your pass phrase, you will need to
obtain a new certificate.
Generating a 1024 bit RSA private key
...++++++
.++++++
writing new private key to '/tmp/myproxy_adduser_g9xgWO/myproxy_adduser_key.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Level 0 Organization [Grid]:Level 0 Organizational Unit [GlobusTest]:Level 1
Organizational Unit [simpleCA-pc222771.sjk.emb]:Level 2 Organizational Unit
[sjk.emb]:Name (e.g., John M. Smith) []:
A private key and a certificate request has been generated with the subject:
/O=Grid/OU=GlobusTest/OU=simpleCA-pc222771.sjk.emb/OU=sjk.emb/CN=Klaus
If the CN=Klaus is not appropriate, rerun this
script with the -force -cn "Common Name" options.
Your private key is stored in
/tmp/myproxy_adduser_g9xgWO/myproxy_adduser_key.pem
Your request is stored in
/tmp/myproxy_adduser_g9xgWO/myproxy_adduser_cert_request.pem
Please e-mail the request to the Globus Simple CA
You may use a command similar to the following:
cat /tmp/myproxy_adduser_g9xgWO/myproxy_adduser_cert_request.pem | mail
Only use the above if this machine can send AND receive e-mail. if not, please
mail using some other method.
Your certificate will be mailed to you within two working days.
If you receive no response, contact Globus Simple CA at
To sign the request
please enter the password for the CA key:
The new signed certificate is at: /home/globus/.globus/simpleCA//newcerts/02.pem
using storage directory /sandbox/globus/globus-4.2.0/var/myproxy
Credential stored successfully
[EMAIL PROTECTED]:~>
CREATING THE MAPFILE
pc222771:/etc/grid-security # vim mapfile
pc222771:/etc/grid-security # cat mapfile
"/O=Grid/OU=GlobusTest/OU=simpleCA-pc222771.sjk.emb/OU=sjk.emb/CN=Klaus" pcd10238
pc222771:/etc/grid-security #
SETTING UP GRIDFTP
pc222771:/etc/grid-security # vim /etc/xinetd.d/gridftp
pc222771:/etc/grid-security # cat /etc/xinetd.d/gridftp
service gsiftp
{
instances = 100
socket_type = stream
wait = no
user = root
env += GLOBUS_LOCATION=/sandbox/globus/globus-4.2.0
env += LD_LIBRARY_PATH=/sandbox/globus/globus-4.2.0/lib
server = /sandbox/globus/globus-4.2.0/sbin/globus-gridftp-server
server_args = -i
log_on_success += DURATION
nice = 10
disable = no
}
pc222771:/etc/grid-security #
pc222771:/etc/grid-security # /etc/init.d/xinetd reload
Reload INET services (xinetd). done
pc222771:/etc/grid-security # netstat -an | grep 2811
tcp 0 0 0.0.0.0:2811 0.0.0.0:* LISTEN
pc222771:/etc/grid-security #
TRYING TO GET THE CERTIFICATES LOGGING ON TO MYPROXY
[EMAIL PROTECTED]:/home/pcd/10238> export GLOBUS_LOCATION=/sandbox/globus/globus-4.2.0
[EMAIL PROTECTED]:/home/pcd/10238> source $GLOBUS_LOCATION/etc/globus-user-env.sh
[EMAIL PROTECTED]:/home/pcd/10238> myproxy-logon -s pc222771.sjk.emb
Failed reading length 0
Error authenticating: Connection closed.
[EMAIL PROTECTED]:/home/pcd/10238>
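
Added example (not part of the original message or its attachment, and not Globus or MyProxy code): the server-side OpenSSL errors in the debug output (ASN1_item_verify, "padding check failed") are raised while checking a certificate signature, so the shell functions below check whether a certificate verifies against a trusted certificates directory and whether a private key belongs to a certificate. The function names and the constructed demo (two throwaway CAs sharing one subject DN) are assumptions for illustration.

```shell
#!/bin/sh
# Added diagnostic example; not from the original post, Globus or MyProxy.

# Succeeds only if CERT verifies (signature chain and validity dates) against a
# CA certificate stored under its subject-hash name (such as dca96308.0) in CADIR.
cert_chains_to_dir() {  # usage: cert_chains_to_dir CERT CADIR
    openssl verify -CApath "$2" "$1" >/dev/null 2>&1
}

# Succeeds only if the unencrypted private key KEY belongs to CERT.
key_matches_cert() {  # usage: key_matches_cert CERT KEY
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Constructed demo data: CA "A" and CA "B" have the same subject DN (and so the
# same hash file name) but different keys; the host certificate is signed by B.
demo_setup() {  # usage: demo_setup WORKDIR
    d=$1
    mkdir -p "$d/trustA" "$d/trustB"
    for ca in A B; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
            -subj "/O=Grid/CN=Demo CA" \
            -keyout "$d/ca$ca.key" -out "$d/ca$ca.pem" 2>/dev/null
        h=$(openssl x509 -in "$d/ca$ca.pem" -noout -hash)
        cp "$d/ca$ca.pem" "$d/trust$ca/$h.0"
    done
    openssl req -newkey rsa:2048 -nodes -subj "/O=Grid/CN=host.demo.example" \
        -keyout "$d/host.key" -out "$d/host.csr" 2>/dev/null
    openssl x509 -req -in "$d/host.csr" -CA "$d/caB.pem" -CAkey "$d/caB.key" \
        -set_serial 1 -days 2 -out "$d/host.pem" 2>/dev/null
}

# With the paths shown in the post, the same checks would be called as:
#   cert_chains_to_dir /etc/grid-security/hostcert.pem \
#       /sandbox/globus/globus-4.2.0/share/certificates
#   key_matches_cert /etc/grid-security/hostcert.pem /etc/grid-security/hostkey.pem
```

In the demo, both trust directories hold a file with the same hash name, yet the host certificate verifies only against the directory holding the CA that actually signed it.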