Bug 5634 – Give file location of gridmap in authz failures

Bug 5634 - Give file location of gridmap in authz failures

Summary:

Give file location of gridmap in authz failures

Status:	NEW

Product:	GSI C
Component:	Authentication
Version:	unspecified
Platform:	Macintosh All

Importance:	P3 normal
Target Milestone:	---
Assigned To:	Mike Link

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2007-10-24 16:38 by Charles Bacon
Modified:	2008-08-11 15:22 (History)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note

You need to log in before you can comment on or make changes to this bug.

Description From Charles Bacon 2007-10-24 16:38:34

Given the error message (this is from globus-url-copy):
error: globus_ftp_client: the server responded with an error
530 530-Login incorrect. : globus_gss_assist: Gridmap lookup failure: Could not
map /DC=org/DC=doegrids/OU=People/CN=Charles Bacon 332900


I cannot figure out what gridmap is in use if its not the default.  In this
particular case, the server was using $HOME/.gridmap, but it was confusing to
go look at /etc/grid-security/grid-mapfile, where I was listed just fine. 
Compare with bug 5608 topic 1, which just got fixed in the java GSI code.

------- Comment #1 From Charles Bacon 2007-10-31 12:55:04 -------

Similarly, it would be useful to find out what truste CA certificates directory
was being used when you get a message like this:
globus_gsi_callback_module: Could not verify credential
globus_gsi_callback_module: Can't get the local trusted CA certificate: Cannot
find issuer certificate for local credential with subject:
/O=Grid/OU=GlobusTest/OU=simpleCA-crunch.mcs.anl.gov/CN=host/crunch.mcs.anl.gov

It turns out I had a ~/.globus/certificates directory which was overriding my
$GLOBUS_LOCATION/share/certificates I had setup, but it took grid-proxy-init
-verify -debug to point that out.