Sandra Jimenez Doval schrieb: > I’m using a host certificate that was singed using simpleCA. I created a > grid proxy with this host certificate, and I’m configuring OGSA-DAI to > use Host authorization, with GSI Secure Conversation Message Level > security, so that OGSA-DAI takes globus’ delegated credentials.
Uh. Help me on this: You are authenticating to the OGSA-DAI service as a client with a proxy derived from the very same credentials that server is using? I'm not sure if that makes a lot of sense. Why don't you create a EEC for yourself, sign that with the SimpleCA certificate and derive proxies from that EEC? I think that is much closer to the normal use case. > What else should I check? > > One thing I’m not sure whether I have correctly or not is the > grid-mapfile, but I couldn’t find any tips on how to correctly configure > this on Windows. > That's almost certainly not the issue. The error you quoted pertains to authentication, not authorization. The exception states this: > Authentication Error And the actual error information is fairly verbose, too: > 530-globus_gsi_callback_module: Could not verify credential > > 530-globus_gsi_callback_module: Error with signing policy > > 530-globus_gsi_callback_module: Error in OLD GAA code: CA policy > violation: <no reason given> > > 530 End. The error numbers indicate that the problem occurs not on the OGSA-DAI server but on the remote GridFTP server (530 is an FTP protocol error number). My first guess is that your remote GridFTP server (i.e. the one you are DeliverToGFTP'ing to) is not configured to accept SimpleCA certificates and thus is not able to authenticate you. You should check if connecting to that server by means of uberftp or another GridFTP implementation works from the OGSA-DAI server. Another idea would be that -- in case there is a SimpleCA configured on the GridFTP server -- the signing policiy for that CA is invalid. From Globus 4.0.5 on (or so), you must have signing policies in place for each CA. So, normally you would see a number of <hash>.signing_policy files in your equivalent of /etc/grid_security/certificates - one file for each CA certificate. Regards, --ck -- M. Sc. Christopher Kunz Regionales Rechenzentrum fuer Niedersachsen (RRZN) Gottfried Wilhelm Leibniz Universitaet Hannover +49 511 762-79KUNZ | [EMAIL PROTECTED]
