Bug 3127 - globus_gsi_gssapi: Authorization denied message needs clarification
: globus_gsi_gssapi: Authorization denied message needs clarification
Status: RESOLVED FIXED
: GSI C
Authentication
: 3.9.5
: PC Linux
: P3 enhancement
: ---
Assigned To:
:
:
:
:
  Show dependency treegraph
 
Reported: 2005-04-10 13:49 by
Modified: 2008-08-11 15:18 (History)


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description From 2005-04-10 13:49:52
When I run bin/globusrun-ws -submit -f ../supersimplejob.xml as in the
documentatione xample, I get:

globus_gsi_gssapi: Authorization denied: The name of the remote entity
(/O=Grid/OU=GlobusTest/OU=simpleCA-grid.mydomain.com/CN=host/grid.mydomain.com),
and the expected name for the remote entity (/CN=host/localhost.localdomain) do
not match

My understanding is that:

> > The host cert does not have anything to do with authorization, it is
> > just a way to make sure you are actually talking to the right host.

so maybe this message needs to be tweaked a bit?

(This is 3.9.5, from CVS around the beginning of April.)
------- Comment #1 From 2005-04-11 10:30:01 -------
The host cert does have to do with client side authorization, although I wonder
if we can't make the error a bit better in the case where we do host based
client side authz.

/Sam
------- Comment #2 From 2005-05-03 19:20:05 -------
Changed the error message to something along the lines of:

GSS Major Status: Unexpected Gatekeeper or Service Name
globus_gsi_gssapi: Authorization denied: The name of the remote host (wiggum.mcs.anl.gov), and the 
expected name for the remote host (pitcairn.mcs.anl.gov) do not match

/Sam