If you installed the latest voms from the glite repository, it is not ok
to use in production, check
https://gus.fzk.de/pages/ticket_details.php?ticket=37334
as it has been mentioned in this list recently.
O/H Alvaro Simon Garcia έγραψε:
> Dear all,
>
> We are testing a new voms server for vo cesga, conf seems to work fine
> and voms endpoint responds to:
>
> https://voms.egee.cesga.es:8443/voms/cesga
>
> when we try from our ui:
>
> $ voms-proxy-init --voms cesga
> Cannot find file or dir: /home/asimon/.glite/vomses
> Enter GRID pass phrase:
> Your identity: /DC=es/DC=irisgrid/O=cesga/CN=alvarosimon
> Creating temporary proxy
> ................................................ Done
> Contacting voms.egee.cesga.es:15110
> [/DC=es/DC=irisgrid/O=cesga/CN=host/voms.egee.cesga.es] "cesga" Done
> Creating proxy ............................................... Done
> Your proxy is valid until Thu Jul 10 01:46:54 2008
>
> works fine but if we try to check voms proxy:
>
> $ voms-proxy-info -debug --all
> *WARNING: Unable to verify signature! Server certificate possibly not
> installed.*
> *Error: Unable to determine hostname from AC.*
> subject : /DC=es/DC=irisgrid/O=cesga/CN=alvarosimon/CN=proxy
> issuer : /DC=es/DC=irisgrid/O=cesga/CN=alvarosimon
> identity : /DC=es/DC=irisgrid/O=cesga/CN=alvarosimon
> type : proxy
> strength : 512 bits
> path : /tmp/x509up_u522
> timeleft : 11:58:34
> === VO cesga extension information ===
> VO : cesga
> subject : /DC=es/DC=irisgrid/O=cesga/CN=alvarosimon
> issuer : /DC=es/DC=irisgrid/O=cesga/CN=host/voms.egee.cesga.es
> attribute : /cesga
> timeleft : 11:58:34
>
> And if we try to submit a test to our ce:
>
> $ globus-job-run ce2.egee.cesga.es:2119/jobmanager-lcgsge -q cesga
> /bin/hostname
> *GRAM Job submission failed because data transfer to the server failed
> (error code 10)*
>
> in ce2.egee.cesga.es we got these errors:
>
> # less /var/log/globus-gatekeeper.log
> ...
> ...
> TIME: Wed Jul 9 13:52:50 2008
> PID: 10120 -- Notice: 5: Authenticated globus user:
> /DC=es/DC=irisgrid/O=cesga/CN=alvarosimon
> lcas client name: /DC=es/DC=irisgrid/O=cesga/CN=alvarosimon
> LCAS 0:
> LCAS 1: Initialization LCAS version 1.3.7
> allowing empty credentials
> LCAS 2: LCAS authorization request
> LCAS 0: lcas_userban.mod-plugin_confirm_authorization():
> checking banned users in /opt/glite/etc/lcas/ban_users.db
> LCAS 0:
> lcas_plugin_voms-plugin_confirm_authorization_from_x509(): VOMS
> directory error (failure)!
> LCAS 0: 2008-07-09.13:52:50 :
> lcas_plugin_voms-plugin_confirm_authorization_from_x509(): voms plugin
> failed
> LCAS 0: lcas.mod-lcas_run_va(): authorization failed for plugin
> /opt/glite/lib/modules/lcas_voms.mod
> LCAS 0: lcas.mod-lcas_run_va(): failed
>
>
> ce2 is a gLite3.1 with
> /etc/grid-security/vomsdir/cesga/voms.egee.cesga.es.lsc file.
>
> If we use our old voms server, CE users mapping works fine, any idea?
>
>
> Thanks in advance
> Alvaro
>
|