Bugzilla – Bug 3127
globus_gsi_gssapi: Authorization denied message needs clarification
Last modified: 2008-08-11 15:18:37
You need to
before you can comment on or make changes to this bug.
When I run bin/globusrun-ws -submit -f ../supersimplejob.xml as in the
documentatione xample, I get:
globus_gsi_gssapi: Authorization denied: The name of the remote entity
and the expected name for the remote entity (/CN=host/localhost.localdomain) do
My understanding is that:
> > The host cert does not have anything to do with authorization, it is
> > just a way to make sure you are actually talking to the right host.
so maybe this message needs to be tweaked a bit?
(This is 3.9.5, from CVS around the beginning of April.)
The host cert does have to do with client side authorization, although I wonder
if we can't make the error a bit better in the case where we do host based
client side authz.
Changed the error message to something along the lines of:
GSS Major Status: Unexpected Gatekeeper or Service Name
globus_gsi_gssapi: Authorization denied: The name of the remote host (wiggum.mcs.anl.gov), and the
expected name for the remote host (pitcairn.mcs.anl.gov) do not match