[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Condor-users] GAHP and the certificates directory
- Date: Fri, 11 Jun 2010 10:13:33 -0500 (CDT)
- From: Ray Plante <rplante@xxxxxxxxxxxxxxxxxxxx>
- Subject: [Condor-users] GAHP and the certificates directory
Hi,
I'm seeing the "Failed to initialize GAHP" failure when I submit a job, and
thanks to the discussion, I was able learn that authentication was failing
while starting the gahp server because it couldn't find the certificate data.
In my case, I found through trial and error that it couldn't locate the
certificates directory containing the CA certs.
I would like to store these in $GLOBUS_LOCATION/share/certificates; however,
the only location that seems to work is in $HOME/.globus/certificates. This is
consistent with section 3.6.3.1 of the Condor manual ("GSI certificate
locations for Users") which indicates that this is the default location.
However, it also says that I can override this by setting X509_CERT_DIR.
Unfortunately, the component that starts the gahp server appears to ignore this
value. (Subsequently the job gets put in a "hold" state.)
Note that condor_submit *does* honor X509_CERT_DIR. When I set it to a bogus
location, it fails to even submit the job.
So my basic question is, how to I direct the gahp server startup where to find
the certificates directory? Is the gahp server startup expected to honor
X509_CERT_DIR? Should I be setting GSI_DAEMON_TRUSTED_CA_DIR in condor_config
instead?
thanks,
Ray