Bug 3127 – globus_gsi_gssapi: Authorization denied message needs clarification

Bug 3127 - globus_gsi_gssapi: Authorization denied message needs clarification

Summary:

globus_gsi_gssapi: Authorization denied message needs clarification

Status:	RESOLVED FIXED

Product:	GSI C
Component:	Authentication
Version:	3.9.5
Platform:	PC Linux

Importance:	P3 enhancement
Target Milestone:	---
Assigned To:	Sam Meder

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2005-04-10 13:49 by Nick Chase
Modified:	2008-08-11 15:18 (History)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note

You need to log in before you can comment on or make changes to this bug.

Description From Nick Chase 2005-04-10 13:49:52

When I run bin/globusrun-ws -submit -f ../supersimplejob.xml as in the
documentatione xample, I get:

globus_gsi_gssapi: Authorization denied: The name of the remote entity
(/O=Grid/OU=GlobusTest/OU=simpleCA-grid.mydomain.com/CN=host/grid.mydomain.com),
and the expected name for the remote entity (/CN=host/localhost.localdomain) do
not match

My understanding is that:

> > The host cert does not have anything to do with authorization, it is
> > just a way to make sure you are actually talking to the right host.

so maybe this message needs to be tweaked a bit?

(This is 3.9.5, from CVS around the beginning of April.)

------- Comment #1 From Sam Meder 2005-04-11 10:30:01 -------

The host cert does have to do with client side authorization, although I wonder
if we can't make the error a bit better in the case where we do host based
client side authz.

/Sam

------- Comment #2 From Sam Meder 2005-05-03 19:20:05 -------

Changed the error message to something along the lines of:

GSS Major Status: Unexpected Gatekeeper or Service Name
globus_gsi_gssapi: Authorization denied: The name of the remote host (wiggum.mcs.anl.gov), and the 
expected name for the remote host (pitcairn.mcs.anl.gov) do not match

/Sam