allowing other identities to connect
Ivan R. Judson
judson at mcs.anl.gov
Thu Jan 30 18:26:38 CST 2003
I successfully ran the venuemanagement.py, and deleted two duplicate venues,
but I can't add one (I get the following authorization failure):
creating proxy on
https://vv2.mcs.anl.gov:11006/Venues/000000f3119d4aa4008c00dd
000b0037b68
Traceback (most recent call last):
File "C:\software\AccessGrid\bin\VenueManagement.py", line 345, in
OpenAddVenu
eDialog
addVenueDialog = AddVenueFrame(self, -1, "", venueList =
self.venuesList)
File "C:\software\AccessGrid\bin\VenueManagement.py", line 890, in
__init__
self.Ok()
File "C:\software\AccessGrid\bin\VenueManagement.py", line 905, in Ok
self.parent.InsertVenue(data, exitsList)
File "C:\software\AccessGrid\bin\VenueManagement.py", line 379, in
InsertVenue
newUri = self.application.AddVenue(data, exitsList)
File "C:\software\AccessGrid\bin\VenueManagement.py", line 97, in AddVenue
Client.Handle(uri).get_proxy().SetConnections(exitsList)
File "C:\software\AccessGrid\AccessGrid\hosting\pyGlobus\AGGSISOAP.py",
line 3
644, in __r_call
self.__hd, self.__ma)
File "C:\software\AccessGrid\AccessGrid\hosting\pyGlobus\AGGSISOAP.py",
line 3
562, in __call
config = self.config)
File "C:\Software\AccessGrid\AccessGrid\hosting\pyGlobus\Client.py", line
139,
in call
r.endheaders()
File "C:\Software\Python22\lib\httplib.py", line 695, in endheaders
self._send_output()
File "C:\Software\Python22\lib\httplib.py", line 581, in _send_output
self.send(msg)
File "C:\Software\Python22\lib\httplib.py", line 548, in send
self.connect()
File "C:\Software\globus\python\pyGlobus\io.py", line 1073, in connect
self.sock.connect(self.host, self.port, self.io_attr)
File "C:\Software\globus\python\pyGlobus\io.py", line 658, in connect
raise ex
pyGlobus.io.GSITCPSocketException: an authentication operation failed
> -----Original Message-----
> From: owner-ag-dev at mcs.anl.gov
> [mailto:owner-ag-dev at mcs.anl.gov] On Behalf Of Thomas Uram
> Sent: Thursday, January 30, 2003 5:21 PM
> To: Robert Olson
> Cc: ag-dev at mcs.anl.gov
> Subject: Re: allowing other identities to connect
>
>
> I made this trivial change in VenueServer.py and it works
> (tested with
> Susanne). I committed the change, and started a server at
> https://vv2:11006/VenueServer (if that looks like a
> non-standard port,
> that's because it's supposed to).
>
> I'll make this change on the NodeManagement services too.
>
> Tom
>
>
> Robert Olson wrote:
>
> > The default authorization mode is
> > GLOBUS_IO_SECURE_AUTHORIZATION_MODE_SELF, which means to only allow
> > connections from processes with the same identity.
> >
> > You can create an authorization callback on either a Client or a
> > Server to allow the application to decide. Returning 1 allows the
> > connection to complete, returning 0 makes it fail.
> >
> > First the client:
> >
> > import Client
> > import os
> >
> > def cb(server, g_handle, remote_user, context):
> > print "got callback for user ", remote_user
> > return 1
> >
> > h = Client.Handle('https://localhost:8000/100', authCallback = cb)
> >
> > ret = None
> >
> > try:
> > ret = h.get_proxy().method(3)
> > except Client.FaultType, f:
> > print "call raised fault ", f, dir(f)
> > print "faultcode='%s'" % (f.faultcode)
> > print "string='%s'" % ( f.faultstring)
> >
> > else:
> > print "Got '%s' '%s' from method" % (ret, map(lambda x: str(x),
> > ret))
> >
> > And the server:
> >
> >
> > [[Other code elided]]
> >
> > def cb(server, g_handle, remote_user, context):
> > print "Server gets identity ", remote_user
> > return 1
> >
> > if __name__ == "__main__":
> >
> > server = Server.Server(8000, auth_callback = cb)
> >
> > s = server.create_service(C)
> >
> > print "Have %s %s" % (s, s.get_handle())
> >
> >
>
>
More information about the ag-dev
mailing list