Bug 1847 - grid-cert-request with both /etc/grid-security and $GL/share/certificates
Status: RESOLVED FIXED
: GSI C
Credentials and Proxies
: 3.2.1
: PC Linux
: P3 normal
Reported: 2004-07-22 17:30 by
Modified: 2008-08-11 14:54 (History)



Description From 2004-07-22 17:30:38
Here's the scenario:

I'm on a host that has /etc/grid-security set up.  I install Globus as a nonroot
user, and install simpleCA into $GLOBUS_LOCATION, and run the simpleCA's
setup-gsi -default -nonroot.

Now I have globus-user-ssl.conf in $GL/etc, and the CA cert in
$GL/share/certificates.  If I try to request a cert from the simpleCA, though, I
can't.  It's not installed in /etc/grid-security, so the default
grid-cert-request doesn't work.  If I set GRID_SECURITY_DIR, grid-cert-request
does this:

        secconfdir="${GRID_SECURITY_DIR}"
        trusted_certs_dir="${secconfdir}/certificates"

That's wrong for the simpleCA nonroot install.  I should be allowed to use
TRUSTED_CA to set the trusted_certs_dir, as outlined on
http://www-unix.globus.org/toolkit/docs/3.2/gsi/admin/configuration.html

The workaround is to create a symlink from $GL/certificates ->
$GL/share/certificates, but the behavior is a little broken.  It should check
the advertised environment variable first.
------- Comment #1 From 2004-07-22 17:32:27 -------
Actually, the workaround is

GRID_SECURITY_DIR = $GLOBUS_LOCATION/etc
$GLOBUS_LOCATION/etc/certificates -> $GLOBUS_LOCATION/share/certificates
------- Comment #2 From 2004-10-28 00:22:09 -------
This has been fixed in CVS HEAD.
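
The lookup order the report asks for, written out as an added example; it is not the grid-cert-request source or the change committed to CVS HEAD. `TRUSTED_CA` and `GRID_SECURITY_DIR` are the variable names used in the report, while the function name, the overridable default argument and the writability check are assumptions made for illustration.

```shell
# Hypothetical helper, not part of grid-cert-request.
# Prints the trusted CA directory, honouring the most specific setting first:
#   1. TRUSTED_CA                       (explicit trust directory, per the report)
#   2. $GRID_SECURITY_DIR/certificates  (the behaviour quoted in the report)
#   3. <default>/certificates           (default is /etc/grid-security)
resolve_trusted_certs_dir() {
    default_secdir="${1:-/etc/grid-security}"   # argument is an assumption, for testing

    if [ -n "${TRUSTED_CA:-}" ]; then
        dir="${TRUSTED_CA}"; src="TRUSTED_CA"
    elif [ -n "${GRID_SECURITY_DIR:-}" ]; then
        dir="${GRID_SECURITY_DIR}/certificates"; src="GRID_SECURITY_DIR"
    else
        dir="${default_secdir}/certificates"; src="default"
    fi

    # A setting that does not resolve is an error. Falling back silently
    # would swap in a trust store the user did not choose.
    if [ ! -d "${dir}" ]; then
        echo "trusted CA directory from ${src} not found: ${dir}" >&2
        return 1
    fi

    # Added check (assumption): refuse a trust directory that any local user
    # can write to, since a dropped-in CA file would then be trusted.
    # -H follows a symlink given on the command line, so the symlink
    # workaround from comment #1 is judged by its target's permissions.
    if [ -n "$(find -H "${dir}" -prune -perm -0002 2>/dev/null)" ]; then
        echo "trusted CA directory is world-writable: ${dir}" >&2
        return 2
    fi

    printf '%s\n' "${dir}"
}

# Usage inside a script:
#   trusted_certs_dir="$(resolve_trusted_certs_dir)" || exit 1
```
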