On 29/06/11 13:41, Kashif Mohammad wrote:
> Gridppnagios does not access ce bdii directly.
OK, I realize that I had misread the status, and also that the BDII on that CREAM CE had been stopped by YAIM but apparently not restarted.
>You don't need grid certificate for UI either.
I think strictly speaking that's true, but I am trying to sort our some 'gsissh' issue on it. What I have observed so far is somewhat baffling:
* If I have '/etc/grid-security/hostcert.pem' then GSS auth
seems to be available, otherwise it is not.
* But with that cert I get this error message in the *server*
logs:
> Jun 29 14:25:28 ui sshd[1722]: SSH: Server;Ltype: Version;Remote: 129.234.193.13-46718;Protocol: 2.0;Client: OpenSSH_5.0p1-hpn13v1 NCSA_GSSAPI_GPT_4.3 GSI
> Jun 29 14:25:28 ui sshd[1722]: failed to map GSI user [log in to unmask]
> Jun 29 14:25:28 ui sshd[1722]: Invalid user unknown from 129.234.193.13
This seems to hint that the DN for the *host* cert (for that is it) is used to auth instead of that for my proxy cert.
This is baffling as the GSISSH manual:
> http://www.globus.org/toolkit/docs/5.0/5.0.0/security/openssh/gsiopenssh.pdf
chapter 6 briefly says that indeed is expected to be the user certificate.
