On 29 June 2011 14:41, Peter Grandi <[log in to unmask]> wrote:
>>You don't need grid certificate for UI either.
>
> I think strictly speaking that's true, but I am trying to sort our some 'gsissh' issue on it. What I have observed so far is somewhat baffling:
>
> * If I have '/etc/grid-security/hostcert.pem' then GSS auth
> seems to be available, otherwise it is not.
>
> * But with that cert I get this error message in the *server*
> logs:
> > Jun 29 14:25:28 ui sshd[1722]: SSH: Server;Ltype: Version;Remote: 129.234.193.13-46718;Protocol: 2.0;Client: OpenSSH_5.0p1-hpn13v1 NCSA_GSSAPI_GPT_4.3 GSI
>> Jun 29 14:25:28 ui sshd[1722]: failed to map GSI user [log in to unmask]
>> Jun 29 14:25:28 ui sshd[1722]: Invalid user unknown from 129.234.193.13
>
> This seems to hint that the DN for the *host* cert (for that is it) is used to auth instead of that for my proxy cert.
>
So, what does your environment export as the location for
certificates? Try setting X509_USER_CERT and X509_USER_PROXY to point
at the proxy you want to use.
Sam
|