Bug 5634 - Give file location of gridmap in authz failures
: Give file location of gridmap in authz failures
Status: NEW
: GSI C
Authentication
: unspecified
: Macintosh All
: P3 normal
: ---
Assigned To:
:
:
:
:
  Show dependency treegraph
 
Reported: 2007-10-24 16:38 by
Modified: 2008-08-11 15:22 (History)


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description From 2007-10-24 16:38:34
Given the error message (this is from globus-url-copy):
error: globus_ftp_client: the server responded with an error
530 530-Login incorrect. : globus_gss_assist: Gridmap lookup failure: Could not
map /DC=org/DC=doegrids/OU=People/CN=Charles Bacon 332900


I cannot figure out what gridmap is in use if its not the default.  In this
particular case, the server was using $HOME/.gridmap, but it was confusing to
go look at /etc/grid-security/grid-mapfile, where I was listed just fine. 
Compare with bug 5608 topic 1, which just got fixed in the java GSI code.
------- Comment #1 From 2007-10-31 12:55:04 -------
Similarly, it would be useful to find out what truste CA certificates directory
was being used when you get a message like this:
globus_gsi_callback_module: Could not verify credential
globus_gsi_callback_module: Can't get the local trusted CA certificate: Cannot
find issuer certificate for local credential with subject:
/O=Grid/OU=GlobusTest/OU=simpleCA-crunch.mcs.anl.gov/CN=host/crunch.mcs.anl.gov

It turns out I had a ~/.globus/certificates directory which was overriding my
$GLOBUS_LOCATION/share/certificates I had setup, but it took grid-proxy-init
-verify -debug to point that out.