[OpenAFS] Gssklog Authentication Problem!
Douglas E. Engert
deengert@anl.gov
Wed, 04 Dec 2002 10:32:02 -0600
The problem is the GSSKLOGD does not use the host key, but rather
a separate certificate where the service is gssklog.
You need a certificate for
/O=Grid/O=Globus/CN=gssklog/afs3.caspur.it
(Remember I sent you a note asking if the certificate for afs3.caspur.it
had anything to do with AFS. You never responded.)
Ruggero Nepi wrote:
>
> Hi,
>
> I am working with Globus 2.0, integrating it in our AFS system.
> In the client host I have the right certificates for the host and
> user.
> For the server I have only the afs host certificate (in
> /etc/grid-security/afscert.pem).
> I am using the 0.6 version of gssklog.
> But, after installing gssklog and the gssklogd daemon, I discovered this
> error message:
>
> Notice: 5: Authenticated globus user:
> /O=Grid/O=Globus/OU=caspur.it/CN=Marco Mililotti
> Notice: 0: GRID_SECURITY_HTTP_BODY_FD=8
> Notice: 5: Requested service: jobmanager
> Notice: 5: Authorized as local user: grirm000
> Notice: 5: Authorized as local uid: 402
> Notice: 5: and local gid: 500
> Notice: 0: executing /scratch/globus/libexec/globus-job-manager
> Notice: 0: GRID_SECURITY_CONTEXT_FD=11
> GSS-error init_sec_context failed: major_status:000f0000
> minor_status:00000067
> Unexpected Gatekeeper or Service Name
> Mutual authentication failed
> Expected target subject name="/CN=gssklog/afs3.caspur.it"
> Target returned subject name="/O=Grid/O=Globus/CN=host/afs3.caspur.it"
> Function:gss_init_sec_context
> Problem 2 with server afs3.caspur.it
> Failed code = 2
> Notice: 0: gssklog rc=2304
> Notice: 0: Child 3848 started
>
> Is it enough to request another certificate forcing the target CN to
> "/CN=gssklog/afs3.caspur.it" ?
Yes.
> Are there other settings that I could use?
What do you mean other setting?
>
> Thanks
>
> Ruggero
>
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
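
An added example, not part of the original thread and not code from gssklog or Globus: a small Python check that reads the two subject-name lines from the error output quoted above and reports whether the server presented a certificate for the right host but the wrong service. The function names, and the assumption that the service is the part of the last CN before the first "/", are illustrative.

```python
import re

# Log excerpt copied from the quoted message above (leading "> " removed).
SAMPLE_LOG = '''\
GSS-error init_sec_context failed: major_status:000f0000
minor_status:00000067
Unexpected Gatekeeper or Service Name
Mutual authentication failed
Expected target subject name="/CN=gssklog/afs3.caspur.it"
Target returned subject name="/O=Grid/O=Globus/CN=host/afs3.caspur.it"
Function:gss_init_sec_context
'''

NAME_RE = re.compile(
    r'^(Expected target|Target returned) subject name="([^"]*)"', re.M)


def split_service_cn(subject):
    """Return (service, host) from a subject whose last CN is 'service/host'.

    Assumption: the service is the text before the first '/' in the last CN.
    Returns None when there is no CN or no service prefix (a user certificate).
    """
    _, sep, cn = subject.rpartition("/CN=")
    if not sep or "/" not in cn:
        return None
    service, host = cn.split("/", 1)
    return service, host


def diagnose(log_text):
    """Compare the expected and returned target names of a failed handshake."""
    names = {kind: subj for kind, subj in NAME_RE.findall(log_text)}
    expected = names.get("Expected target")
    returned = names.get("Target returned")
    if expected is None or returned is None:
        return None  # not the mutual-authentication failure shown above
    exp, ret = split_service_cn(expected), split_service_cn(returned)
    both = bool(exp and ret)
    return {
        "expected": expected,
        "returned": returned,
        "same_host": both and exp[1].lower() == ret[1].lower(),
        "same_service": both and exp[0] == ret[0],
        "needed_cn": "/".join(exp) if exp else None,
    }


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

On the quoted log this reports the same host with a different service, which matches the diagnosis in the reply: the server answered with its host certificate where the client expected one issued for the gssklog service.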