Hi~ Martin, I'm Cinyoung's coworker and I saw your mails you sent her to solve the problems. Then I did the following works written in your email: * Put all grid security stuff into /etc/grid-security on both machines * Unset all globus security related environment variables on both machines for all users * The content of harry:/etc/grid-security/certificates seems ok, at least grid-cert-diagnostics does not segfault. Copy the content of harry:/etc/grid-security/certificates into hermione:/etc/grid-security/certificates But, it didn't work.. These are output of harry and hermione.
########################################################################## Harry: root ########################################################################## *[r...@harry grid-security]# $GLOBUS_LOCATION/bin/grid-cert-diagnostics* Checking Environment Variables ============================== Checking if HOME is set... /root Checking if GLOBUS_LOCATION is set... /usr/local/globus-4.2.1.1 Checking if X509_CERT_DIR is set... no Checking if X509_USER_CERT is set... no Checking if X509_USER_KEY is set... no Checking if X509_USER_PROXY is set... no Checking if GRIDMAP is set... no Checking Security Directories ======================= Determining trusted cert path... /etc/grid-security/certificates Checking for cog.properties... not found Checking for default gridmap location... /etc/grid-security/grid-mapfile Checking if default gridmap exists... yes Checking trusted certificates... ================================ Getting trusted certificate list... Checking CA file /etc/grid-security/certificates/45fb3f91.0... ok Checking that certificate hash matches filename... ok Checking CA certificate name for 45fb3f91.0...ok (/O=Grid/OU=GlobusTest/OU= simpleCA-harry.sookmyung.ac.kr/CN=Globus Simple CA) Checking if signing policy exists for 45fb3f91.0... ok Verifying certificate chain for 45fb3f91.0... ok ########################################################################## Harry: user (the user name is *aero*): ########################################################################## *[a...@harry grid-security]$ $GLOBUS_LOCATION/bin/grid-cert-diagnostics* Checking Environment Variables ============================== Checking if HOME is set... /home/aero Checking if GLOBUS_LOCATION is set... /usr/local/globus-4.2.1.1 Checking if X509_CERT_DIR is set... no Checking if X509_USER_CERT is set... no Checking if X509_USER_KEY is set... no Checking if X509_USER_PROXY is set... no Checking if GRIDMAP is set... no Checking Security Directories ======================= Determining trusted cert path... /etc/grid-security/certificates Checking for cog.properties... not found Checking for default gridmap location... /home/aero/.gridmap Checking if default gridmap exists... failed globus_sysconfig: File does not exist: /home/aero/.gridmap is not a valid file Checking trusted certificates... ================================ Getting trusted certificate list... Checking CA file /etc/grid-security/certificates/45fb3f91.0... ok Checking that certificate hash matches filename... ok Checking CA certificate name for 45fb3f91.0...ok (/O=Grid/OU=GlobusTest/OU= simpleCA-harry.sookmyung.ac.kr/CN=Globus Simple CA) Checking if signing policy exists for 45fb3f91.0... ok Verifying certificate chain for 45fb3f91.0... ok ########################################################################## Hermione: root: ########################################################################## * [r...@hermione share]# $GLOBUS_LOCATION/bin/grid-cert-diagnostics * Checking Environment Variables ============================== Checking if HOME is set... /root Checking if GLOBUS_LOCATION is set... /usr/local/globus-4.2.1.1 Checking if X509_CERT_DIR is set... no Checking if X509_USER_CERT is set... no Checking if X509_USER_KEY is set... no Checking if X509_USER_PROXY is set... no Checking if GRIDMAP is set... no Checking Security Directories ======================= Determining trusted cert path... /etc/grid-security/certificates Checking for cog.properties... not found Checking for default gridmap location... /etc/grid-security/grid-mapfile Checking if default gridmap exists... yes Checking trusted certificates... ================================ Getting trusted certificate list... Checking CA file /etc/grid-security/certificates/45fb3f91.0... ok Checking that certificate hash matches filename... ok Checking CA certificate name for 45fb3f91.0...ok (/O=Grid/OU=GlobusTest/OU= simpleCA-harry.sookmyung.ac.kr/CN=Globus Simple CA) Checking if signing policy exists for 45fb3f91.0... ok Segmentation Fault ########################################################################## Hermione: user(the user name is *aero)*: ########################################################################## *[a...@hermione share]$ $GLOBUS_LOCATION/bin/grid-cert-diagnostics* Checking Environment Variables ============================== Checking if HOME is set... /home/aero Checking if GLOBUS_LOCATION is set... /usr/local/globus-4.2.1.1 Checking if X509_CERT_DIR is set... no Checking if X509_USER_CERT is set... no Checking if X509_USER_KEY is set... no Checking if X509_USER_PROXY is set... no Checking if GRIDMAP is set... no Checking Security Directories ======================= Determining trusted cert path... /etc/grid-security/certificates Checking for cog.properties... not found Checking for default gridmap location... /home/aero/.gridmap Checking if default gridmap exists... failed globus_sysconfig: File does not exist: /home/aero/.gridmap is not a valid file Checking trusted certificates... ================================ Getting trusted certificate list... Checking CA file /etc/grid-security/certificates/45fb3f91.0... ok Checking that certificate hash matches filename... ok Checking CA certificate name for 45fb3f91.0...ok (/O=Grid/OU=GlobusTest/OU= simpleCA-harry.sookmyung.ac.kr/CN=Globus Simple CA) Checking if signing policy exists for 45fb3f91.0... ok Segmentation Fault ########################################################################### Then I got the same error like this. ########################################################################## *[a...@hermione /]$ globus-url-copy -dbg gsiftp:// hermione.sookmyung.ac.kr/etc/group \gsiftp:// harry.sookmyung.ac.kr/tmp/from-harry* debug: starting to size gsiftp://hermione.sookmyung.ac.kr/etc/group debug: connecting to gsiftp://hermione.sookmyung.ac.kr/etc/group debug: response from gsiftp://hermione.sookmyung.ac.kr/etc/group: 220 hermione.sookmyung.ac.kr GridFTP Server 3.15 (gcc32, 1222656151-78) [Globus Toolkit 4.2.1] ready. debug: authenticating with gsiftp://hermione.sookmyung.ac.kr/etc/group debug: response from gsiftp://hermione.sookmyung.ac.kr/etc/group: 530-globus_xio: Authentication Error 530-OpenSSL Error: s3_srvr.c:2490: in library: SSL routines, function SSL3_GET_CLIENT_CERTIFICATE: no certificate returned 530-globus_gsi_callback_module: Could not verify credential 530-globus_gsi_callback_module: Could not verify credential: invalid CA certificate 530 End. debug: fault on connection to gsiftp://hermione.sookmyung.ac.kr/etc/group debug: operation complete debug: starting to transfer gsiftp://hermione.sookmyung.ac.kr/etc/group to gsiftp://harry.sookmyung.ac.kr/tmp/from-harry debug: connecting to gsiftp://harry.sookmyung.ac.kr/tmp/from-harry debug: response from gsiftp://harry.sookmyung.ac.kr/tmp/from-harry: 220 harry.sookmyung.ac.kr GridFTP Server 3.15 (gcc32dbgpthr, 1222656151-78) [Globus Toolkit 4.2.1] ready. debug: authenticating with gsiftp://harry.sookmyung.ac.kr/tmp/from-harry debug: response from gsiftp://harry.sookmyung.ac.kr/tmp/from-harry: 230 User aero logged in. debug: sending command to gsiftp://harry.sookmyung.ac.kr/tmp/from-harry: SITE HELP debug: response from gsiftp://harry.sookmyung.ac.kr/tmp/from-harry: 214-The following commands are recognized: ALLO APPE REST CWD CDUP DCAU EPSV FEAT ERET MDTM STAT ESTO HELP LIST MODE NLST MLSD PASV RNFR MLST NOOP OPTS STOR PASS PBSZ PORT PROT SITE EPRT RETR SPOR SCKS TREV PWD QUIT SBUF SIZE SPAS STRU SYST RNTO TYPE USER LANG MKD RMD DELE CKSM 214 End debug: sending command to gsiftp://harry.sookmyung.ac.kr/tmp/from-harry: FEAT debug: response from gsiftp://harry.sookmyung.ac.kr/tmp/from-harry: 211-Extensions supported AUTHZ_ASSERT UTF8 LANG EN DCAU PARALLEL SIZE MLST Type*;Size*;Modify*;Perm*;Charset;UNIX.mode*;UNIX.owner*;UNIX.group*;Unk*; ERET ESTO SPAS SPOR REST STREAM MDTM PASV AllowDelayed; 211 End. debug: sending command to gsiftp://harry.sookmyung.ac.kr/tmp/from-harry: TYPE I debug: response from gsiftp://harry.sookmyung.ac.kr/tmp/from-harry: 200 Type set to I. debug: sending command to gsiftp://harry.sookmyung.ac.kr/tmp/from-harry: PBSZ 1048576 debug: response from gsiftp://harry.sookmyung.ac.kr/tmp/from-harry: 200 PBSZ=1048576 debug: sending command to gsiftp://harry.sookmyung.ac.kr/tmp/from-harry: PASV debug: response from gsiftp://harry.sookmyung.ac.kr/tmp/from-harry: 227 Entering Passive Mode (203,153,146,56,201,186) debug: sending command to gsiftp://harry.sookmyung.ac.kr/tmp/from-harry: STOR /tmp/from-harry debug: sending command to gsiftp://hermione.sookmyung.ac.kr/etc/group: TYPE I debug: response from gsiftp://hermione.sookmyung.ac.kr/etc/group: 530 Must perform GSSAPI authentication. debug: fault on connection to gsiftp://hermione.sookmyung.ac.kr/etc/group debug: operation complete error: globus_ftp_client: the server responded with an error 530 Must perform GSSAPI authentication. I really don't know what the problem is.. Regards, Sunah Park.