Eygene Ryabinkin wrote:
> Sun, Dec 14, 2008 at 02:24:50PM +0300, Voznesensky Vladimir wrote:
>>> 3. And now derive an RFC proxy from another RFC proxy:
>>> ---8<---
>>> vovic@ui:~$ glite-voms-proxy-init -rfc -voms rfusion
>>> -cert /tmp/x509up_u1006 -key /tmp/x509up_u1006 -out
>>> proxy2 -path-length 15
>>> Your identity:
>>> /C=RU/O=RDIG/OU=users/OU=grid.kiae.ru/CN=Vladimir
>>> Voznesensky/CN=1667011474
>>> Creating temporary proxy
>>> .............................................. Done
>>> Contacting rdig-registrar.sinp.msu.ru:15005
>>> [/C=RU/O=RDIG/OU=hosts/OU=sinp.msu.ru/CN=rdig-registrar.sinp.msu.ru]
>>> "rfusion" Done
>>> Creating proxy
>>> ................................................. Done
>>> Your proxy is valid until Sun Dec 14 05:28:56 2008
>>> vovic@ui:~$ mv proxy2 /tmp/x509up_u1006
>>> vovic@ui:~$ globusrun -a -r gate.grid.kiae.ru
>>> GRAM Authentication test failure: authentication with
>>> the remote server failed
>
> If I am correct, here is the diagnostics from the server side:
> -----
> TIME: Sat Dec 13 05:41:36 2008
> PID: 16161 -- Notice: 5: Authenticated globus user: /C=RU/O=RDIG/OU=users/OU=gr
> id.kiae.ru/CN=Vladimir Voznesensky
> lcas client name: /C=RU/O=RDIG/OU=users/OU=grid.kiae.ru/CN=Vladimir Voznesensky
> LCAS 0:
> LCAS 1: Initialization LCAS version 1.3.7
> allowing empty credentials
> LCAS 2: LCAS authorization request
> LCAS 0: lcas_userban.mod-plugin_confirm_authorization(): checking banned
> users in /opt/glite/etc/lcas/ban_users.db
> LCAS 0: lcas_plugin_voms-plugin_confirm_authorization_from_x509(): Gener
> ic verification error for VOMS (failure): AC has been granted to a different cer
> tificate than the passed one.
> LCAS 0: 2008-12-13.05:41:36 : lcas_plugin_voms-plugin_confirm_authoriz
> ation_from_x509(): voms plugin failed
> LCAS 0: lcas.mod-lcas_run_va(): authorization failed for plugin /opt/glite/lib
> /modules/lcas_voms.mod
> LCAS 0: lcas.mod-lcas_run_va(): failed
> LCAS failed authorization.
> Failure in LCAS Authorization
> -----
Hi,
The error message in the Savannah bug posted by Jan Just is slightly
different when he tried it:
"Generic verification error for VOMS (failure): Cannot retrieve owner
name from AC."
compared to:
"AC has been granted to a different certificate than the passed one."
If it's possible let's consolidate the bug reporting an details (like
these) in the Savannah bug tracker
https://savannah.cern.ch/bugs/index.php?45318
Both messages originate from the vomsapi, but the first message (from
Jan Just) I don't recognize, the second one I do with GT2 proxies.
cheers,
Oscar
|