[Swift-devel] Re: coasters and CAs
Mihael Hategan
hategan at mcs.anl.gov
Tue May 27 11:50:29 CDT 2008
On Tue, 2008-05-27 at 11:12 +0000, Ben Clifford wrote:
> On Mon, 26 May 2008, Mihael Hategan wrote:
>
> > > Running coaster to the local site (test/sites/coaster/coaster-local.xml)
> > > this runs OK if the CA cert is in the default CA directory
> > > (~benc/.globus/certificates in my case). However, it looks like if the CA
> > > is not in the default CA directory, it is not picked up by the coaster
> > > service from the setting of X509_CERT_DIR.
> >
> > It's normal. Your local X509_CERT_DIR should not apply to the "remote"
> > site. If you want that to be set, stick it as remote env variable in
> > sites.xml or so.
>
> In general it shouldn't.
>
> In the specific case of provider-local, though, the "remote site"
> environment is configured by the remote site sysadmin by setting variables
> in the submit side environment (rather than for example in the case of
> GRAM2 setting them in /etc/xinetd.d/). That is the use of X509_CERT_DIR
> that I am making here.
Ah, fair point.
>
> And indeed X509_CERT_DIR *is* passed through when using provider-local.
>
> Setting it in the sites.xml file also causes it to be set when using
> provider-local (though in that case it appears to obliterate the
> containing environment entirely too). But the same missing CA problem
> happens anyway.
>
> Pretty much I think this should behave the same as GLOBUS_TCP_PORT_RANGE
> which was discussed here:
>
> http://mail.ci.uchicago.edu/pipermail/swift-devel/2008-April/002982.html
>
More information about the Swift-devel
mailing list