Hi~ Martin,
I'm Cinyoung's coworker and I saw your mails you sent her to solve the
problems.
Then I did the following works written in your email:
* Put all grid security stuff into /etc/grid-security on both machines
* Unset all globus security related environment variables on both
machines for all users
* The content of harry:/etc/grid-security/certificates seems ok, at
least
grid-cert-diagnostics does not segfault. Copy the content of
harry:/etc/grid-security/certificates into
hermione:/etc/grid-security/certificates
But, it didn't work..
These are output of harry and hermione.
##########################################################################
Harry: root
##########################################################################
*[r...@harry grid-security]# $GLOBUS_LOCATION/bin/grid-cert-diagnostics*
Checking Environment Variables
==============================
Checking if HOME is set... /root
Checking if GLOBUS_LOCATION is set... /usr/local/globus-4.2.1.1
Checking if X509_CERT_DIR is set... no
Checking if X509_USER_CERT is set... no
Checking if X509_USER_KEY is set... no
Checking if X509_USER_PROXY is set... no
Checking if GRIDMAP is set... no
Checking Security Directories
=======================
Determining trusted cert path... /etc/grid-security/certificates
Checking for cog.properties... not found
Checking for default gridmap location... /etc/grid-security/grid-mapfile
Checking if default gridmap exists... yes
Checking trusted certificates...
================================
Getting trusted certificate list...
Checking CA file /etc/grid-security/certificates/45fb3f91.0... ok
Checking that certificate hash matches filename... ok
Checking CA certificate name for 45fb3f91.0...ok (/O=Grid/OU=GlobusTest/OU=
simpleCA-harry.sookmyung.ac.kr/CN=Globus Simple CA)
Checking if signing policy exists for 45fb3f91.0... ok
Verifying certificate chain for 45fb3f91.0... ok
##########################################################################
Harry: user (the user name is *aero*):
##########################################################################
*[a...@harry grid-security]$ $GLOBUS_LOCATION/bin/grid-cert-diagnostics*
Checking Environment Variables
==============================
Checking if HOME is set... /home/aero
Checking if GLOBUS_LOCATION is set... /usr/local/globus-4.2.1.1
Checking if X509_CERT_DIR is set... no
Checking if X509_USER_CERT is set... no
Checking if X509_USER_KEY is set... no
Checking if X509_USER_PROXY is set... no
Checking if GRIDMAP is set... no
Checking Security Directories
=======================
Determining trusted cert path... /etc/grid-security/certificates
Checking for cog.properties... not found
Checking for default gridmap location... /home/aero/.gridmap
Checking if default gridmap exists... failed
globus_sysconfig: File does not exist: /home/aero/.gridmap is not a
valid file
Checking trusted certificates...
================================
Getting trusted certificate list...
Checking CA file /etc/grid-security/certificates/45fb3f91.0... ok
Checking that certificate hash matches filename... ok
Checking CA certificate name for 45fb3f91.0...ok (/O=Grid/OU=GlobusTest/OU=
simpleCA-harry.sookmyung.ac.kr/CN=Globus Simple CA)
Checking if signing policy exists for 45fb3f91.0... ok
Verifying certificate chain for 45fb3f91.0... ok
##########################################################################
Hermione: root:
##########################################################################
* [r...@hermione share]# $GLOBUS_LOCATION/bin/grid-cert-diagnostics *
Checking Environment Variables
==============================
Checking if HOME is set... /root
Checking if GLOBUS_LOCATION is set... /usr/local/globus-4.2.1.1
Checking if X509_CERT_DIR is set... no
Checking if X509_USER_CERT is set... no
Checking if X509_USER_KEY is set... no
Checking if X509_USER_PROXY is set... no
Checking if GRIDMAP is set... no
Checking Security Directories
=======================
Determining trusted cert path... /etc/grid-security/certificates
Checking for cog.properties... not found
Checking for default gridmap location... /etc/grid-security/grid-mapfile
Checking if default gridmap exists... yes
Checking trusted certificates...
================================
Getting trusted certificate list...
Checking CA file /etc/grid-security/certificates/45fb3f91.0... ok
Checking that certificate hash matches filename... ok
Checking CA certificate name for 45fb3f91.0...ok (/O=Grid/OU=GlobusTest/OU=
simpleCA-harry.sookmyung.ac.kr/CN=Globus Simple CA)
Checking if signing policy exists for 45fb3f91.0... ok
Segmentation Fault
##########################################################################
Hermione: user(the user name is *aero)*:
##########################################################################
*[a...@hermione share]$ $GLOBUS_LOCATION/bin/grid-cert-diagnostics*
Checking Environment Variables
==============================
Checking if HOME is set... /home/aero
Checking if GLOBUS_LOCATION is set... /usr/local/globus-4.2.1.1
Checking if X509_CERT_DIR is set... no
Checking if X509_USER_CERT is set... no
Checking if X509_USER_KEY is set... no
Checking if X509_USER_PROXY is set... no
Checking if GRIDMAP is set... no
Checking Security Directories
=======================
Determining trusted cert path... /etc/grid-security/certificates
Checking for cog.properties... not found
Checking for default gridmap location... /home/aero/.gridmap
Checking if default gridmap exists... failed
globus_sysconfig: File does not exist: /home/aero/.gridmap is not a
valid file
Checking trusted certificates...
================================
Getting trusted certificate list...
Checking CA file /etc/grid-security/certificates/45fb3f91.0... ok
Checking that certificate hash matches filename... ok
Checking CA certificate name for 45fb3f91.0...ok (/O=Grid/OU=GlobusTest/OU=
simpleCA-harry.sookmyung.ac.kr/CN=Globus Simple CA)
Checking if signing policy exists for 45fb3f91.0... ok
Segmentation Fault
###########################################################################
Then I got the same error like this.
##########################################################################
*[a...@hermione /]$ globus-url-copy -dbg gsiftp://
hermione.sookmyung.ac.kr/etc/group \gsiftp://
harry.sookmyung.ac.kr/tmp/from-harry*
debug: starting to size gsiftp://hermione.sookmyung.ac.kr/etc/group
debug: connecting to gsiftp://hermione.sookmyung.ac.kr/etc/group
debug: response from gsiftp://hermione.sookmyung.ac.kr/etc/group:
220 hermione.sookmyung.ac.kr GridFTP Server 3.15 (gcc32, 1222656151-78)
[Globus Toolkit 4.2.1] ready.
debug: authenticating with gsiftp://hermione.sookmyung.ac.kr/etc/group
debug: response from gsiftp://hermione.sookmyung.ac.kr/etc/group:
530-globus_xio: Authentication Error
530-OpenSSL Error: s3_srvr.c:2490: in library: SSL routines, function
SSL3_GET_CLIENT_CERTIFICATE: no certificate returned
530-globus_gsi_callback_module: Could not verify credential
530-globus_gsi_callback_module: Could not verify credential: invalid CA
certificate
530 End.
debug: fault on connection to gsiftp://hermione.sookmyung.ac.kr/etc/group
debug: operation complete
debug: starting to transfer gsiftp://hermione.sookmyung.ac.kr/etc/group to
gsiftp://harry.sookmyung.ac.kr/tmp/from-harry
debug: connecting to gsiftp://harry.sookmyung.ac.kr/tmp/from-harry
debug: response from gsiftp://harry.sookmyung.ac.kr/tmp/from-harry:
220 harry.sookmyung.ac.kr GridFTP Server 3.15 (gcc32dbgpthr, 1222656151-78)
[Globus Toolkit 4.2.1] ready.
debug: authenticating with gsiftp://harry.sookmyung.ac.kr/tmp/from-harry
debug: response from gsiftp://harry.sookmyung.ac.kr/tmp/from-harry:
230 User aero logged in.
debug: sending command to gsiftp://harry.sookmyung.ac.kr/tmp/from-harry:
SITE HELP
debug: response from gsiftp://harry.sookmyung.ac.kr/tmp/from-harry:
214-The following commands are recognized:
ALLO APPE REST CWD CDUP DCAU EPSV FEAT
ERET MDTM STAT ESTO HELP LIST MODE NLST
MLSD PASV RNFR MLST NOOP OPTS STOR PASS
PBSZ PORT PROT SITE EPRT RETR SPOR SCKS
TREV PWD QUIT SBUF SIZE SPAS STRU SYST
RNTO TYPE USER LANG MKD RMD DELE CKSM
214 End
debug: sending command to gsiftp://harry.sookmyung.ac.kr/tmp/from-harry:
FEAT
debug: response from gsiftp://harry.sookmyung.ac.kr/tmp/from-harry:
211-Extensions supported
AUTHZ_ASSERT
UTF8
LANG EN
DCAU
PARALLEL
SIZE
MLST
Type*;Size*;Modify*;Perm*;Charset;UNIX.mode*;UNIX.owner*;UNIX.group*;Unk*;
ERET
ESTO
SPAS
SPOR
REST STREAM
MDTM
PASV AllowDelayed;
211 End.
debug: sending command to gsiftp://harry.sookmyung.ac.kr/tmp/from-harry:
TYPE I
debug: response from gsiftp://harry.sookmyung.ac.kr/tmp/from-harry:
200 Type set to I.
debug: sending command to gsiftp://harry.sookmyung.ac.kr/tmp/from-harry:
PBSZ 1048576
debug: response from gsiftp://harry.sookmyung.ac.kr/tmp/from-harry:
200 PBSZ=1048576
debug: sending command to gsiftp://harry.sookmyung.ac.kr/tmp/from-harry:
PASV
debug: response from gsiftp://harry.sookmyung.ac.kr/tmp/from-harry:
227 Entering Passive Mode (203,153,146,56,201,186)
debug: sending command to gsiftp://harry.sookmyung.ac.kr/tmp/from-harry:
STOR /tmp/from-harry
debug: sending command to gsiftp://hermione.sookmyung.ac.kr/etc/group:
TYPE I
debug: response from gsiftp://hermione.sookmyung.ac.kr/etc/group:
530 Must perform GSSAPI authentication.
debug: fault on connection to gsiftp://hermione.sookmyung.ac.kr/etc/group
debug: operation complete
error: globus_ftp_client: the server responded with an error
530 Must perform GSSAPI authentication.
I really don't know what the problem is..
Regards,
Sunah Park.
