[Swift-user] ProxyPathValidatorException: No relevant signing policy for CA
Thomas Uram
turam at mcs.anl.gov
Tue Jan 31 17:22:52 CST 2012
I'm encountering the following running on PADS via coaster/ssh:pbs , running on various CI machines, including login1.pads.ci.uchicago.edu itself. As another datapoint, gsissh works to login1.pads.ci.uchicago.edu using this proxy certificate; I would guess gsissh would be validating the signing policy, too.
Authentication failed. Caused by Defective credential detected. Caused by org.globus.gsi.proxy.ProxyPathValidatorException: No relevant signing policy for CA "/DC=edu/DC=uchicago/DC=ci/OU=myproxy/CN=grid.ci.uchicago.edu/E=support at ci.uchicago.edu" in file "/etc/grid-security/certificates/de4bc9f5.signing_policy"
at org.globus.gsi.proxy.ProxyPathValidator.checkSigningPolicy(ProxyPathValidator.java:978)
at org.globus.gsi.proxy.ProxyPathValidator.validate(ProxyPathValidator.java:555)
at org.globus.gsi.proxy.ProxyPathValidator.validate(ProxyPathValidator.java:354)
at org.globus.gsi.gssapi.GlobusGSSContextImpl$GSSProxyPathValidator.validate(GlobusGSSContextImpl.java:695)
at org.globus.gsi.gssapi.GlobusGSSContextImpl.verifyChain(GlobusGSSContextImpl.java:731)
at org.globus.gsi.gssapi.GlobusGSSContextImpl.acceptSecContext(GlobusGSSContextImpl.java:325)
at org.globus.gsi.gssapi.net.GssSocket.authenticateServer(GssSocket.java:129)
at org.globus.gsi.gssapi.net.GssSocket.startHandshake(GssSocket.java:147)
at org.globus.gsi.gssapi.net.GssSocket.getInputStream(GssSocket.java:177)
at org.globus.cog.karajan.workflow.service.channels.AbstractTCPChannel.setSocket(AbstractTCPChannel.java:41)
at org.globus.cog.karajan.workflow.service.channels.GSSChannel.<init>(GSSChannel.java:46)
at org.globus.cog.karajan.workflow.service.ConnectionHandler.<init>(ConnectionHandler.java:44)
at org.globus.cog.abstraction.coaster.service.local.LocalService.handleConnection(LocalService.java:71)
at org.globus.net.BaseServer.run(BaseServer.java:247)
at java.lang.Thread.run(Thread.java:662)
*** signing policy file
cat /etc/grid-security/certificates/de4bc9f5.signing_policy
# Computation Institute MyProxy Certificate Authority Signing Policy
# generated by gx-ca-update (gx-map 0.5.3.3)
# See also <http://www.ci.uchicago.edu/de4bc9f5.signing_policy>
access_id_CA X509 '/DC=edu/DC=uchicago/DC=ci/OU=myproxy/CN=grid.ci.uchicago.edu/emailAddress=support at ci.uchicago.edu'
pos_rights globus CA:sign
cond_subjects globus '/DC=edu/DC=uchicago/DC=ci/*'
*** sites.xml
<config>
<pool handle="Bugaboo">
<execution jobmanager="ssh:pbs" provider="coaster" url="login1.pads.ci.uchicago.edu"/>
<filesystem provider="local" url="none" />
<profile namespace="globus" key="maxWallTime">2</profile>
<profile namespace="globus" key="maxTime">300</profile>
<profile key="jobsPerNode" namespace="globus">1</profile>
<profile key="slots" namespace="globus">1</profile>
<profile key="nodeGranularity" namespace="globus">1</profile>
<profile key="maxNodes" namespace="globus">1</profile>
<profile key="queue" namespace="globus">fast</profile>
<profile key="jobThrottle" namespace="karajan">5.99</profile>
<profile key="initialScore" namespace="karajan">10000</profile>
<workdirectory>/home/turam/tmp</workdirectory>
</pool>
</config>
More information about the Swift-user
mailing list