On 29/06/11 13:41, Kashif Mohammad wrote: > Gridppnagios does not access ce bdii directly. OK, I realize that I had misread the status, and also that the BDII on that CREAM CE had been stopped by YAIM but apparently not restarted. >You don't need grid certificate for UI either. I think strictly speaking that's true, but I am trying to sort our some 'gsissh' issue on it. What I have observed so far is somewhat baffling: * If I have '/etc/grid-security/hostcert.pem' then GSS auth seems to be available, otherwise it is not. * But with that cert I get this error message in the *server* logs: > Jun 29 14:25:28 ui sshd[1722]: SSH: Server;Ltype: Version;Remote: 129.234.193.13-46718;Protocol: 2.0;Client: OpenSSH_5.0p1-hpn13v1 NCSA_GSSAPI_GPT_4.3 GSI > Jun 29 14:25:28 ui sshd[1722]: failed to map GSI user [log in to unmask] > Jun 29 14:25:28 ui sshd[1722]: Invalid user unknown from 129.234.193.13 This seems to hint that the DN for the *host* cert (for that is it) is used to auth instead of that for my proxy cert. This is baffling as the GSISSH manual: > http://www.globus.org/toolkit/docs/5.0/5.0.0/security/openssh/gsiopenssh.pdf chapter 6 briefly says that indeed is expected to be the user certificate.