[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Condor-users] GAHP and the certificates directory



Hi,

I'm seeing the "Failed to initialize GAHP" failure when I submit a job, and thanks to the discussion, I was able learn that authentication was failing while starting the gahp server because it couldn't find the certificate data. In my case, I found through trial and error that it couldn't locate the certificates directory containing the CA certs.
I would like to store these in $GLOBUS_LOCATION/share/certificates; however, 
the only location that seems to work is in $HOME/.globus/certificates.  This is 
consistent with section 3.6.3.1 of the Condor manual ("GSI certificate 
locations for Users") which indicates that this is the default location. 
However, it also says that I can override this by setting X509_CERT_DIR. 
Unfortunately, the component that starts the gahp server appears to ignore this 
value.  (Subsequently the job gets put in a "hold" state.)
Note that condor_submit *does* honor X509_CERT_DIR.  When I set it to a bogus 
location, it fails to even submit the job.
So my basic question is, how to I direct the gahp server startup where to find 
the certificates directory?  Is the gahp server startup expected to honor 
X509_CERT_DIR?  Should I be setting GSI_DAEMON_TRUSTED_CA_DIR in condor_config 
instead?
thanks,
Ray