Bug 3845 - data channel authentication failure
: data channel authentication failure
Status: NEW
: GridFTP
GridFTP
: 4.0.0
: PC Linux
: P3 normal
: ---
Assigned To:
:
:
:
:
  Show dependency treegraph
 
Reported: 2005-10-26 17:06 by
Modified: 2005-10-27 14:20 (History)


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description From 2005-10-26 17:06:59
GT 4.0.1 built from source on a Fedora Core 3 box with

[root@oregano skoranda]# gcc --version
gcc (GCC) 3.4.4 20050721 (Red Hat 3.4.4-2)
Copyright (C) 2004 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

[root@oregano skoranda]# rpm -qa|grep glibc
glibc-kernheaders-2.4-9.1.87
glibc-2.3.5-0.fc3.1
glibc-devel-2.3.5-0.fc3.1
glibc-common-2.3.5-0.fc3.1
glibc-headers-2.3.5-0.fc3.1

The box is behind a NAT router and has IP address 192.168.29.13. To test the
server I created a host certificate using simpleCA with subject

/O=Grid/OU=GlobusTest/OU=sCA-oregano.phys.uwm.edu/CN=host/192.168.29.13

and then edited /etc/hosts so that it contains the line

192.168.29.13   oregano.phys.uwm.edu oregano

so that the hostname maps to the current IP adress.

When I start globus-gridftp-server and try to transfer a file by connecting
(from the same machine) with globus-url-copy I see the following on the client
side (note that control channel authentication works):



debug: starting to get gsiftp://192.168.29.13/tmp/largefile
debug: connecting to gsiftp://192.168.29.13/tmp/largefile
debug: response from gsiftp://192.168.29.13/tmp/largefile:
220 oregano.phys.uwm.edu GridFTP Server 2.1 (gcc32dbg, 1122653280-63) ready.


debug: authenticating with gsiftp://192.168.29.13/tmp/largefile
debug: response from gsiftp://192.168.29.13/tmp/largefile:
230 User skoranda logged in.


debug: sending command:
SITE HELP


debug: response from gsiftp://192.168.29.13/tmp/largefile:
214-The following commands are recognized:

    ALLO    ESTO    RNTO    APPE    DCAU    MODE    SIZE    STRU

    TYPE    DELE    SITE    CWD     ERET    FEAT    LIST    NLST

    MLSD    MLST    PORT    PROT    EPRT    PWD     QUIT    REST

    STAT    SYST    MKD     RMD     CDUP    HELP    NOOP    EPSV

    PASV    TREV    SBUF    MDTM    CKSM    OPTS    PASS    SPAS

    PBSZ    SPOR    RETR    STOR    USER    RNFR    LANG

214 End


debug: sending command:
FEAT


debug: response from gsiftp://192.168.29.13/tmp/largefile:
211-Extensions supported

 UTF8

 LANG EN

 DCAU

 PARALLEL

 SIZE

 MLST
Type*;Size*;Modify*;Perm*;Charset;UNIX.mode*;UNIX.owner*;UNIX.group*;Unique*;UNIX.slink*;

 ERET

 ESTO

 SPAS

 SPOR

 REST STREAM

 MDTM

211 End.


debug: sending command:
TYPE I
debug: response from gsiftp://192.168.29.13/tmp/largefile:
200 Type set to I.


debug: sending command:
PBSZ 1048576


debug: response from gsiftp://192.168.29.13/tmp/largefile:
200 PBSZ=1048576


debug: sending command:
PASV


debug: response from gsiftp://192.168.29.13/tmp/largefile:
227 Entering Passive Mode (192,168,29,13,128,101)


debug: sending command:
RETR /tmp/largefile


debug: response from gsiftp://192.168.29.13/tmp/largefile:
500 Command failed. : globus_xio: An end of file occurred


debug: fault on connection to gsiftp://192.168.29.13/tmp/largefile:
globus_ftp_client: the server responded with an error
debug: data callback, error globus_ftp_client: the server responded with an
error, buffer 0xb7bc0008, length 0, offset=0, eof=true
debug: operation complete

error: globus_ftp_client: the server responded with an error
500 Command failed. : globus_xio: An end of file occurred


Source: gsiftp://192.168.29.13/tmp/
Dest:   file:/tmp/
  largefile  ->  foo


On the server side I see this:


[11763] Wed Oct 26 16:59:00 2005 :: Server started in daemon mode.
[11763] Wed Oct 26 16:59:00 2005 :: Configuration read from
/opt/globus/etc/gridftp.conf.
[11763] Wed Oct 26 16:59:04 2005 :: New connection from: oregano.phys.uwm.edu:52577
[11763] Wed Oct 26 16:59:04 2005 :: oregano.phys.uwm.edu:52577: [CLIENT]: USER
:globus-mapping:

[11763] Wed Oct 26 16:59:04 2005 :: oregano.phys.uwm.edu:52577: [SERVER]: 331
Password required for :globus-mapping:.

[11763] Wed Oct 26 16:59:04 2005 :: oregano.phys.uwm.edu:52577: [CLIENT]: PASS 

[11763] Wed Oct 26 16:59:04 2005 :: User skoranda successfully authorized
[11763] Wed Oct 26 16:59:04 2005 :: oregano.phys.uwm.edu:52577: [CLIENT]: PASS 

[11763] Wed Oct 26 16:59:04 2005 :: oregano.phys.uwm.edu:52577: [SERVER]: 230
User skoranda logged in.

[11763] Wed Oct 26 16:59:04 2005 :: oregano.phys.uwm.edu:52577: [CLIENT]: SITE HELP

[11763] Wed Oct 26 16:59:04 2005 :: oregano.phys.uwm.edu:52577: [SERVER]:
214-The following commands are recognized:

    ALLO    ESTO    RNTO    APPE    DCAU    MODE    SIZE    STRU

    TYPE    DELE    SITE    CWD     ERET    FEAT    LIST    NLST

    MLSD    MLST    PORT    PROT    EPRT    PWD     QUIT    REST

    STAT    SYST    MKD     RMD     CDUP    HELP    NOOP    EPSV

    PASV    TREV    SBUF    MDTM    CKSM    OPTS    PASS    SPAS

    PBSZ    SPOR    RETR    STOR    USER    RNFR    LANG

214 End

[11763] Wed Oct 26 16:59:04 2005 :: oregano.phys.uwm.edu:52577: [CLIENT]: FEAT

[11763] Wed Oct 26 16:59:04 2005 :: oregano.phys.uwm.edu:52577: [SERVER]:
211-Extensions supported

 UTF8

 LANG EN

 DCAU

 PARALLEL

 SIZE

 MLST
Type*;Size*;Modify*;Perm*;Charset;UNIX.mode*;UNIX.owner*;UNIX.group*;Unique*;UNIX.slink*;

 ERET

 ESTO

 SPAS

 SPOR

 REST STREAM

 MDTM

211 End.

[11763] Wed Oct 26 16:59:04 2005 :: oregano.phys.uwm.edu:52577: [CLIENT]: TYPE I

[11763] Wed Oct 26 16:59:04 2005 :: oregano.phys.uwm.edu:52577: [SERVER]: 200
Type set to I.

[11763] Wed Oct 26 16:59:04 2005 :: oregano.phys.uwm.edu:52577: [CLIENT]: PBSZ
1048576

[11763] Wed Oct 26 16:59:04 2005 :: oregano.phys.uwm.edu:52577: [SERVER]: 200
PBSZ=1048576

[11763] Wed Oct 26 16:59:04 2005 :: oregano.phys.uwm.edu:52577: [CLIENT]: PASV

[11763] Wed Oct 26 16:59:04 2005 :: oregano.phys.uwm.edu:52577: [SERVER]: 227
Entering Passive Mode (192,168,29,13,128,101)

[11763] Wed Oct 26 16:59:04 2005 :: oregano.phys.uwm.edu:52577: [CLIENT]: RETR
/tmp/largefile

[11763] Wed Oct 26 16:59:04 2005 :: Finished transferring "/tmp/largefile".
[11763] Wed Oct 26 16:59:04 2005 :: oregano.phys.uwm.edu:52577: [SERVER]: 500
Command failed. : globus_xio: An end of file occurred

[11763] Wed Oct 26 16:59:04 2005 :: oregano.phys.uwm.edu:52577: [CLIENT]: QUIT

[11763] Wed Oct 26 16:59:04 2005 :: oregano.phys.uwm.edu:52577: [SERVER]: 221
Goodbye.

[11763] Wed Oct 26 16:59:04 2005 :: Closed connection from
oregano.phys.uwm.edu:52577


If I add the option "-nodcau' to guc then the file transfers.

Here is the output when the same commands are run but with GLOBUS_ERROR_OUTPUT
and GLOBUS_ERROR_VERBOSE both set to one in the environment.

Client:

globus_error_put(): globus_gsi_credential.c:globus_gsi_cred_read_key:1093:
Key is password protected: GSI does not currently support password protected
private keys.
OpenSSL Error: pem_lib.c:401: in library: PEM routines, function PEM_do_header:
bad password read

globus_error_put(): globus_gsi_credential.c:globus_gsi_cred_read:480:
Error reading host credential
globus_gsi_credential.c:globus_gsi_cred_read_key:1093:
Key is password protected: GSI does not currently support password protected
private keys.
OpenSSL Error: pem_lib.c:401: in library: PEM routines, function PEM_do_header:
bad password read

globus_error_put():
globus_gsi_system_config.c:globus_gsi_sysconfig_dir_exists_unix:4561:
File does not exist: /people/skoranda/.globus/certificates is not a valid directory

globus_error_put():
globus_gsi_system_config.c:globus_i_gsi_sysconfig_create_cert_dir_string:378:
Could not find a valid trusted CA certificates directory
globus_gsi_system_config.c:globus_gsi_sysconfig_dir_exists_unix:4561:
File does not exist: /people/skoranda/.globus/certificates is not a valid directory

debug: starting to get gsiftp://192.168.29.13/tmp/largefile
debug: connecting to gsiftp://192.168.29.13/tmp/largefile
debug: response from gsiftp://192.168.29.13/tmp/largefile:
220 oregano.phys.uwm.edu GridFTP Server 2.1 (gcc32dbg, 1122653280-63) ready.


debug: authenticating with gsiftp://192.168.29.13/tmp/largefile
globus_error_put(): globus_gsi_credential.c:globus_gsi_cred_read_key:1093:
Key is password protected: GSI does not currently support password protected
private keys.
OpenSSL Error: pem_lib.c:401: in library: PEM routines, function PEM_do_header:
bad password read

globus_error_put(): globus_gsi_credential.c:globus_gsi_cred_read:480:
Error reading host credential
globus_gsi_credential.c:globus_gsi_cred_read_key:1093:
Key is password protected: GSI does not currently support password protected
private keys.
OpenSSL Error: pem_lib.c:401: in library: PEM routines, function PEM_do_header:
bad password read

globus_error_put():
globus_gsi_system_config.c:globus_gsi_sysconfig_dir_exists_unix:4561:
File does not exist: /people/skoranda/.globus/certificates is not a valid directory

globus_error_put():
globus_gsi_system_config.c:globus_i_gsi_sysconfig_create_cert_dir_string:378:
Could not find a valid trusted CA certificates directory
globus_gsi_system_config.c:globus_gsi_sysconfig_dir_exists_unix:4561:
File does not exist: /people/skoranda/.globus/certificates is not a valid directory

globus_error_put():
globus_gsi_system_config.c:globus_gsi_sysconfig_dir_exists_unix:4561:
File does not exist: /people/skoranda/.globus/certificates is not a valid directory

globus_error_put():
globus_gsi_system_config.c:globus_i_gsi_sysconfig_create_cert_dir_string:378:
Could not find a valid trusted CA certificates directory
globus_gsi_system_config.c:globus_gsi_sysconfig_dir_exists_unix:4561:
File does not exist: /people/skoranda/.globus/certificates is not a valid directory

debug: response from gsiftp://192.168.29.13/tmp/largefile:
230 User skoranda logged in.


debug: sending command:
SITE HELP


debug: response from gsiftp://192.168.29.13/tmp/largefile:
214-The following commands are recognized:

    ALLO    ESTO    RNTO    APPE    DCAU    MODE    SIZE    STRU

    TYPE    DELE    SITE    CWD     ERET    FEAT    LIST    NLST

    MLSD    MLST    PORT    PROT    EPRT    PWD     QUIT    REST

    STAT    SYST    MKD     RMD     CDUP    HELP    NOOP    EPSV

    PASV    TREV    SBUF    MDTM    CKSM    OPTS    PASS    SPAS

    PBSZ    SPOR    RETR    STOR    USER    RNFR    LANG

214 End


debug: sending command:
FEAT


debug: response from gsiftp://192.168.29.13/tmp/largefile:
211-Extensions supported

 UTF8

 LANG EN

 DCAU

 PARALLEL

 SIZE

 MLST
Type*;Size*;Modify*;Perm*;Charset;UNIX.mode*;UNIX.owner*;UNIX.group*;Unique*;UNIX.slink*;

 ERET

 ESTO

 SPAS

 SPOR

 REST STREAM

 MDTM

211 End.


debug: sending command:
TYPE I
debug: response from gsiftp://192.168.29.13/tmp/largefile:
200 Type set to I.


debug: sending command:
PBSZ 1048576


debug: response from gsiftp://192.168.29.13/tmp/largefile:
200 PBSZ=1048576


debug: sending command:
PASV


debug: response from gsiftp://192.168.29.13/tmp/largefile:
227 Entering Passive Mode (192,168,29,13,128,102)


debug: sending command:
RETR /tmp/largefile


globus_error_put(): globus_gsi_credential.c:globus_gsi_cred_read_key:1093:
Key is password protected: GSI does not currently support password protected
private keys.
OpenSSL Error: pem_lib.c:401: in library: PEM routines, function PEM_do_header:
bad password read

globus_error_put(): globus_gsi_credential.c:globus_gsi_cred_read:480:
Error reading host credential
globus_gsi_credential.c:globus_gsi_cred_read_key:1093:
Key is password protected: GSI does not currently support password protected
private keys.
OpenSSL Error: pem_lib.c:401: in library: PEM routines, function PEM_do_header:
bad password read

globus_error_put():
globus_gsi_system_config.c:globus_gsi_sysconfig_dir_exists_unix:4561:
File does not exist: /people/skoranda/.globus/certificates is not a valid directory

globus_error_put():
globus_gsi_system_config.c:globus_i_gsi_sysconfig_create_cert_dir_string:378:
Could not find a valid trusted CA certificates directory
globus_gsi_system_config.c:globus_gsi_sysconfig_dir_exists_unix:4561:
File does not exist: /people/skoranda/.globus/certificates is not a valid directory

globus_error_put():
globus_gsi_system_config.c:globus_gsi_sysconfig_dir_exists_unix:4561:
File does not exist: /people/skoranda/.globus/certificates is not a valid directory

globus_error_put():
globus_gsi_system_config.c:globus_i_gsi_sysconfig_create_cert_dir_string:378:
Could not find a valid trusted CA certificates directory
globus_gsi_system_config.c:globus_gsi_sysconfig_dir_exists_unix:4561:
File does not exist: /people/skoranda/.globus/certificates is not a valid directory

globus_error_put(): globus_gsi_callback.c:globus_i_gsi_callback_cred_verify:695:
Could not verify credential: self signed certificate in certificate chain

globus_error_put():
globus_gsi_callback.c:globus_gsi_callback_handshake_callback:531:
Could not verify credential
globus_gsi_callback.c:globus_i_gsi_callback_cred_verify:695:
Could not verify credential: self signed certificate in certificate chain

globus_error_put(): globus_i_gsi_gss_utils.c:globus_i_gsi_gss_handshake:862:
SSLv3 handshake problems: Couldn't do ssl handshake
OpenSSL Error: s3_clnt.c:842: in library: SSL routines, function
SSL3_GET_SERVER_CERTIFICATE: certificate verify failed

globus_error_put(): globus_i_gsi_gss_utils.c:globus_i_gsi_gss_handshake:862:
SSLv3 handshake problems: Couldn't do ssl handshake
OpenSSL Error: s3_clnt.c:842: in library: SSL routines, function
SSL3_GET_SERVER_CERTIFICATE: certificate verify failed
globus_gsi_callback.c:globus_gsi_callback_handshake_callback:531:
Could not verify credential
globus_gsi_callback.c:globus_i_gsi_callback_cred_verify:695:
Could not verify credential: self signed certificate in certificate chain

globus_error_put(): globus_i_gsi_gss_utils.c:globus_i_gsi_gss_handshake:889:
Unable to verify remote side's credentials
globus_i_gsi_gss_utils.c:globus_i_gsi_gss_handshake:862:
SSLv3 handshake problems: Couldn't do ssl handshake
OpenSSL Error: s3_clnt.c:842: in library: SSL routines, function
SSL3_GET_SERVER_CERTIFICATE: certificate verify failed
globus_gsi_callback.c:globus_gsi_callback_handshake_callback:531:
Could not verify credential
globus_gsi_callback.c:globus_i_gsi_callback_cred_verify:695:
Could not verify credential: self signed certificate in certificate chain

globus_error_put(): init_sec_context.c:gss_init_sec_context:190:
SSLv3 handshake problems
globus_i_gsi_gss_utils.c:globus_i_gsi_gss_handshake:889:
Unable to verify remote side's credentials
globus_i_gsi_gss_utils.c:globus_i_gsi_gss_handshake:862:
SSLv3 handshake problems: Couldn't do ssl handshake
OpenSSL Error: s3_clnt.c:842: in library: SSL routines, function
SSL3_GET_SERVER_CERTIFICATE: certificate verify failed
globus_gsi_callback.c:globus_gsi_callback_handshake_callback:531:
Could not verify credential
globus_gsi_callback.c:globus_i_gsi_callback_cred_verify:695:
Could not verify credential: self signed certificate in certificate chain

globus_error_put(): globus_xio_gsi.c:globus_l_xio_gsi_read_token_cb:1178:
gss_init_sec_context failed.
GSS Major Status: Authentication Failed
init_sec_context.c:gss_init_sec_context:190:
SSLv3 handshake problems
globus_i_gsi_gss_utils.c:globus_i_gsi_gss_handshake:889:
Unable to verify remote side's credentials
globus_i_gsi_gss_utils.c:globus_i_gsi_gss_handshake:862:
SSLv3 handshake problems: Couldn't do ssl handshake
OpenSSL Error: s3_clnt.c:842: in library: SSL routines, function
SSL3_GET_SERVER_CERTIFICATE: certificate verify failed
globus_gsi_callback.c:globus_gsi_callback_handshake_callback:531:
Could not verify credential
globus_gsi_callback.c:globus_i_gsi_callback_cred_verify:695:
Could not verify credential: self signed certificate in certificate chain

globus_error_put(): globus_xio_gsi.c:globus_l_xio_gsi_read_token_cb:1178:
gss_init_sec_context failed.
GSS Major Status: Authentication Failed
init_sec_context.c:gss_init_sec_context:190:
SSLv3 handshake problems
globus_i_gsi_gss_utils.c:globus_i_gsi_gss_handshake:889:
Unable to verify remote side's credentials
globus_i_gsi_gss_utils.c:globus_i_gsi_gss_handshake:862:
SSLv3 handshake problems: Couldn't do ssl handshake
OpenSSL Error: s3_clnt.c:842: in library: SSL routines, function
SSL3_GET_SERVER_CERTIFICATE: certificate verify failed
globus_gsi_callback.c:globus_gsi_callback_handshake_callback:531:
Could not verify credential
globus_gsi_callback.c:globus_i_gsi_callback_cred_verify:695:
Could not verify credential: self signed certificate in certificate chain

globus_error_put(): globus_xio_gsi.c:globus_l_xio_gsi_read_token_cb:1178:
gss_init_sec_context failed.
GSS Major Status: Authentication Failed
init_sec_context.c:gss_init_sec_context:190:
SSLv3 handshake problems
globus_i_gsi_gss_utils.c:globus_i_gsi_gss_handshake:889:
Unable to verify remote side's credentials
globus_i_gsi_gss_utils.c:globus_i_gsi_gss_handshake:862:
SSLv3 handshake problems: Couldn't do ssl handshake
OpenSSL Error: s3_clnt.c:842: in library: SSL routines, function
SSL3_GET_SERVER_CERTIFICATE: certificate verify failed
globus_gsi_callback.c:globus_gsi_callback_handshake_callback:531:
Could not verify credential
globus_gsi_callback.c:globus_i_gsi_callback_cred_verify:695:
Could not verify credential: self signed certificate in certificate chain

globus_error_put(): globus_xio_gsi.c:globus_l_xio_gsi_read_token_cb:1178:
gss_init_sec_context failed.
GSS Major Status: Authentication Failed
init_sec_context.c:gss_init_sec_context:190:
SSLv3 handshake problems
globus_i_gsi_gss_utils.c:globus_i_gsi_gss_handshake:889:
Unable to verify remote side's credentials
globus_i_gsi_gss_utils.c:globus_i_gsi_gss_handshake:862:
SSLv3 handshake problems: Couldn't do ssl handshake
OpenSSL Error: s3_clnt.c:842: in library: SSL routines, function
SSL3_GET_SERVER_CERTIFICATE: certificate verify failed
globus_gsi_callback.c:globus_gsi_callback_handshake_callback:531:
Could not verify credential
globus_gsi_callback.c:globus_i_gsi_callback_cred_verify:695:
Could not verify credential: self signed certificate in certificate chain

globus_error_put(): globus_xio_gsi.c:globus_l_xio_gsi_read_token_cb:1178:
gss_init_sec_context failed.
GSS Major Status: Authentication Failed
init_sec_context.c:gss_init_sec_context:190:
SSLv3 handshake problems
globus_i_gsi_gss_utils.c:globus_i_gsi_gss_handshake:889:
Unable to verify remote side's credentials
globus_i_gsi_gss_utils.c:globus_i_gsi_gss_handshake:862:
SSLv3 handshake problems: Couldn't do ssl handshake
OpenSSL Error: s3_clnt.c:842: in library: SSL routines, function
SSL3_GET_SERVER_CERTIFICATE: certificate verify failed
globus_gsi_callback.c:globus_gsi_callback_handshake_callback:531:
Could not verify credential
globus_gsi_callback.c:globus_i_gsi_callback_cred_verify:695:
Could not verify credential: self signed certificate in certificate chain

globus_error_put(): an unknown error occurred

debug: response from gsiftp://192.168.29.13/tmp/largefile:
500-Command failed. : globus_xio_system_select.c:globus_l_xio_system_try_read:1140:

500-An end of file occurred

500 End.


globus_error_put(): Handle not in the proper state

debug: fault on connection to gsiftp://192.168.29.13/tmp/largefile:
globus_ftp_client_state.c:globus_i_ftp_client_response_callback:3144:
the server responded with an error
debug: data callback, error
globus_ftp_client_state.c:globus_i_ftp_client_response_callback:3144:
the server responded with an error, buffer 0xb7bc0008, length 0, offset=0, eof=true
globus_error_put(): globus_ftp_client_transfer.c:globus_ftp_client_abort:4437:
handle was not in use

debug: operation complete
globus_error_put():
globus_ftp_client_state.c:globus_i_ftp_client_response_callback:3144:
the server responded with an error
500 500-Command failed. :
globus_xio_system_select.c:globus_l_xio_system_try_read:1140:

500-An end of file occurred

500 End.




error: globus_ftp_client_state.c:globus_i_ftp_client_response_callback:3144:
the server responded with an error
500 500-Command failed. :
globus_xio_system_select.c:globus_l_xio_system_try_read:1140:

500-An end of file occurred

500 End.


globus_error_put(): Handle not in the proper state

globus_error_put(): globus_i_ftp_control_data_cc_destroy(): handle has
oustanding references.

Source: gsiftp://192.168.29.13/tmp/
Dest:   file:/tmp/
  largefile  ->  foo


Server:

globus_error_put():
globus_gsi_system_config.c:globus_i_gsi_sysconfig_file_exists_unix:4459:
File does not exist: /etc/grid-security/gsi-authz.conf is not a valid file

globus_error_put():
globus_gsi_system_config.c:globus_i_gsi_sysconfig_file_exists_unix:4459:
File does not exist: /opt/globus/etc/gsi-authz.conf is not a valid file

globus_error_put():
globus_gsi_system_config.c:globus_i_gsi_sysconfig_file_exists_unix:4459:
File does not exist: /root/.gsi-authz.conf is not a valid file

globus_error_put():
globus_gsi_system_config.c:globus_gsi_sysconfig_get_authz_conf_filename_unix:6700:
Could not find a valid authorization callback config file
globus_gsi_system_config.c:globus_i_gsi_sysconfig_file_exists_unix:4459:
File does not exist: /root/.gsi-authz.conf is not a valid file

globus_error_put(): globus_libc.c:globus_libc_contact_string_to_ints:3595:
unable to parse ip

[11854] Wed Oct 26 17:04:34 2005 :: Server started in daemon mode.
[11854] Wed Oct 26 17:04:34 2005 :: Configuration read from
/opt/globus/etc/gridftp.conf.
globus_error_put():
globus_gsi_system_config.c:globus_i_gsi_sysconfig_file_exists_unix:4459:
File does not exist: /etc/grid-security/gsi-authz.conf is not a valid file

globus_error_put():
globus_gsi_system_config.c:globus_i_gsi_sysconfig_file_exists_unix:4459:
File does not exist: /opt/globus/etc/gsi-authz.conf is not a valid file

globus_error_put():
globus_gsi_system_config.c:globus_i_gsi_sysconfig_file_exists_unix:4459:
File does not exist: /root/.gsi-authz.conf is not a valid file

globus_error_put():
globus_gsi_system_config.c:globus_gsi_sysconfig_get_authz_conf_filename_unix:6700:
Could not find a valid authorization callback config file
globus_gsi_system_config.c:globus_i_gsi_sysconfig_file_exists_unix:4459:
File does not exist: /root/.gsi-authz.conf is not a valid file

globus_error_put(): globus_callout.c:globus_callout_handle_call_type:650:
The callout type has not been configured: unknown type: GLOBUS_GSI_AUTHZ_HANDLE_INIT


[11854] Wed Oct 26 17:04:39 2005 :: New connection from: oregano.phys.uwm.edu:56207
[11854] Wed Oct 26 17:04:40 2005 :: oregano.phys.uwm.edu:56207: [CLIENT]: USER
:globus-mapping:

[11854] Wed Oct 26 17:04:40 2005 :: oregano.phys.uwm.edu:56207: [SERVER]: 331
Password required for :globus-mapping:.

[11854] Wed Oct 26 17:04:40 2005 :: oregano.phys.uwm.edu:56207: [CLIENT]: PASS 

[11854] Wed Oct 26 17:04:40 2005 :: User skoranda successfully authorized
[11854] Wed Oct 26 17:04:40 2005 :: oregano.phys.uwm.edu:56207: [CLIENT]: PASS 

[11854] Wed Oct 26 17:04:40 2005 :: oregano.phys.uwm.edu:56207: [SERVER]: 230
User skoranda logged in.

[11854] Wed Oct 26 17:04:40 2005 :: oregano.phys.uwm.edu:56207: [CLIENT]: SITE HELP

[11854] Wed Oct 26 17:04:40 2005 :: oregano.phys.uwm.edu:56207: [SERVER]:
214-The following commands are recognized:

    ALLO    ESTO    RNTO    APPE    DCAU    MODE    SIZE    STRU

    TYPE    DELE    SITE    CWD     ERET    FEAT    LIST    NLST

    MLSD    MLST    PORT    PROT    EPRT    PWD     QUIT    REST

    STAT    SYST    MKD     RMD     CDUP    HELP    NOOP    EPSV

    PASV    TREV    SBUF    MDTM    CKSM    OPTS    PASS    SPAS

    PBSZ    SPOR    RETR    STOR    USER    RNFR    LANG

214 End

globus_error_put(): globus_callout.c:globus_callout_handle_call_type:650:
The callout type has not been configured: unknown type: GLOBUS_GSI_AUTHORIZE_ASYNC


globus_error_put(): globus_xio_system_select.c:globus_l_xio_system_try_read:1140:
An end of file occurred

globus_error_put(): globus_xio_system_select.c:globus_l_xio_system_try_read:1140:
An end of file occurred

globus_error_put(): globus_xio_system_select.c:globus_l_xio_system_try_read:1140:
An end of file occurred

globus_error_put(): globus_xio_system_select.c:globus_l_xio_system_try_read:1140:
An end of file occurred

globus_error_put(): globus_xio_system_select.c:globus_l_xio_system_try_read:1140:
An end of file occurred

globus_error_put(): globus_xio_system_select.c:globus_l_xio_system_try_read:1140:
An end of file occurred

globus_error_put(): globus_xio_system_select.c:globus_l_xio_system_try_read:1140:
An end of file occurred

globus_error_put(): globus_xio_system_select.c:globus_l_xio_system_try_read:1140:
An end of file occurred

globus_error_put(): Handle not in the proper state

globus_error_put(): an unknown error occurred

globus_error_put(): globus_xio_system_select.c:globus_l_xio_system_try_read:1140:
An end of file occurred

globus_error_put(): globus_xio_system_select.c:globus_l_xio_system_try_read:1140:
An end of file occurred

globus_error_put():
globus_gridftp_server_file.c:globus_l_gfs_file_server_write_cb:1920:
callback failed.
globus_xio_system_select.c:globus_l_xio_system_try_read:1140:
An end of file occurred

globus_error_put(): globus_xio_system_select.c:globus_l_xio_system_cancel_cb:665:
Operation was canceled

globus_error_put(): globus_xio_system_select.c:globus_l_xio_system_cancel_cb:665:
Operation was canceled

globus_error_put(): globus_xio_system_select.c:globus_l_xio_system_cancel_cb:665:
Operation was canceled

globus_error_put(): globus_xio_system_select.c:globus_l_xio_system_cancel_cb:665:
Operation was canceled

globus_error_put(): globus_xio_system_select.c:globus_l_xio_system_cancel_cb:665:
Operation was canceled

[11854] Wed Oct 26 17:04:40 2005 :: oregano.phys.uwm.edu:56207: [CLIENT]: FEAT

[11854] Wed Oct 26 17:04:40 2005 :: oregano.phys.uwm.edu:56207: [SERVER]:
211-Extensions supported

 UTF8

 LANG EN

 DCAU

 PARALLEL

 SIZE

 MLST
Type*;Size*;Modify*;Perm*;Charset;UNIX.mode*;UNIX.owner*;UNIX.group*;Unique*;UNIX.slink*;

 ERET

 ESTO

 SPAS

 SPOR

 REST STREAM

 MDTM

211 End.

[11854] Wed Oct 26 17:04:40 2005 :: oregano.phys.uwm.edu:56207: [CLIENT]: TYPE I

[11854] Wed Oct 26 17:04:40 2005 :: oregano.phys.uwm.edu:56207: [SERVER]: 200
Type set to I.

[11854] Wed Oct 26 17:04:40 2005 :: oregano.phys.uwm.edu:56207: [CLIENT]: PBSZ
1048576

[11854] Wed Oct 26 17:04:40 2005 :: oregano.phys.uwm.edu:56207: [SERVER]: 200
PBSZ=1048576

[11854] Wed Oct 26 17:04:40 2005 :: oregano.phys.uwm.edu:56207: [CLIENT]: PASV

[11854] Wed Oct 26 17:04:40 2005 :: oregano.phys.uwm.edu:56207: [SERVER]: 227
Entering Passive Mode (192,168,29,13,128,102)

[11854] Wed Oct 26 17:04:40 2005 :: oregano.phys.uwm.edu:56207: [CLIENT]: RETR
/tmp/largefile

[11854] Wed Oct 26 17:04:40 2005 :: Finished transferring "/tmp/largefile".
[11854] Wed Oct 26 17:04:40 2005 :: oregano.phys.uwm.edu:56207: [SERVER]:
500-Command failed. : globus_xio_system_select.c:globus_l_xio_system_try_read:1140:

500-An end of file occurred

500 End.

[11854] Wed Oct 26 17:04:40 2005 :: oregano.phys.uwm.edu:56207: [CLIENT]: QUIT

[11854] Wed Oct 26 17:04:40 2005 :: oregano.phys.uwm.edu:56207: [SERVER]: 221
Goodbye.

[11854] Wed Oct 26 17:04:40 2005 :: Closed connection from
oregano.phys.uwm.edu:56207
------- Comment #1 From 2005-10-27 14:20:47 -------
Further investigation shows that the problem is that the data channel
authentication on the client side is NOT respecting the X509_CERT_DIR
environment variable. 

The control channel authentication is respecting that variable and so the
control channel authentication succeeds. The data channels are not respecting
that variable and are instead looking to /etc/grid-security/certificates for the
CA signing cert (which is not there). 

If I move /etc/grid-security out of the way then all authentication succeeds and
the file transfers.