Bug 4021 - globus-start-container -containerDesc not working
: globus-start-container -containerDesc not working
: Java WS Security
: unspecified
: PC Linux
: P3 critical
: ---
Assigned To:
  Show dependency treegraph
Reported: 2005-12-07 16:36 by
Modified: 2005-12-09 15:38 (History)



You need to log in before you can comment on or make changes to this bug.

Description From 2005-12-07 16:36:42
The -containerDesc option to globus-start-container doesn't seem to be working
in the trunk. When I specify the following security config file:

<?xml version="1.0" encoding="UTF-8"?>
name_value_type.xsd" xmlns:param="http://www.globus.org/security/descriptor">
        <interceptor name="gridmap">
                    <param:parameter name="gridmap-file"

I expect that the container will run with my user creds, but when I try to
submit a job with globusrun-ws -self I get the following error:

GSS Major Status: Unexpected Gatekeeper or Service Name
globus_gsi_gssapi: Authorization denied: The name of the remote entity
(/C=US/O=PGL Inc./CN=host/logan), and the expected name for the remote entity
(/DC=org/DC=doegrids/OU=People/CN=Peter G Lane 364243) do not match

Thinking that the file was being ignored in favor of
$GLOBUS_LOCATION/etc/globus_wsrf_core/globus_security_descriptor.xml, I
commented out the <credential> stuff so that it would look like the above
descriptor. Unfortunately I get an even stranger error:

GSS Major Status: General failure
globus_gsi_gssapi: internal problem with SSL BIO: SSL_read rc=-1
OpenSSL Error: pem_lib.c:637: in library: PEM routines, function PEM_read_bio:
no start line Expecting: CERTIFICATE
------- Comment #1 From 2005-12-09 15:38:21 -------
The command line option descriptor has been fixed. The second issue 
with "authorization denied" has been moved to a separate bug.