[OpenAFS] Gssklog Authentication Problem!
Ruggero Nepi
r.nepi@caspur.it
Wed, 04 Dec 2002 16:03:02 +0100
Hi,
I am working with Globus 2.0, integrating it in our AFS system.
In the client host I have the the rights certicates for the host and
user.
For the server I have only the afs host certificate (in
/etc/grid-security/afscert.pem).
I am using the 0.6 version of gssklog.
But, after installing gssklog and the gssklogd demon, I discovered this
error message:
Notice: 5: Authenticated globus user:
/O=Grid/O=Globus/OU=caspur.it/CN=Marco Mililotti
Notice: 0: GRID_SECURITY_HTTP_BODY_FD=8
Notice: 5: Requested service: jobmanager
Notice: 5: Authorized as local user: grirm000
Notice: 5: Authorized as local uid: 402
Notice: 5: and local gid: 500
Notice: 0: executing /scratch/globus/libexec/globus-job-manager
Notice: 0: GRID_SECURITY_CONTEXT_FD=11
GSS-error init_sec_context failed: major_status:000f0000
minor_status:00000067
Unexpected Gatekeeper or Service Name
Mutual authentication failed
Expected target subject name="/CN=gssklog/afs3.caspur.it"
Target returned subject name="/O=Grid/O=Globus/CN=host/afs3.caspur.it"
Function:gss_init_sec_context
Problem 2 with server afs3.caspur.it
Failed code = 2
Notice: 0: gssklog rc=2304
Notice: 0: Child 3848 started
Is It enough to request another certificate forcing the target CN to
"/CN=gssklog/afs3.caspur.it" ?
Are there others setting that I could use ?
Thanks
Ruggero