Re: Proxy Renewal: Receiving the second authentication credentials

To: Christopher Kunz <kunz@rvs.uni-hannover.de>
Subject: Re: Proxy Renewal: Receiving the second authentication credentials
From: Jim Basney <jbasney@ncsa.uiuc.edu>
Date: Mon, 11 Jun 2007 13:57:49 -0500
Cc: myproxy-users@ncsa.uiuc.edu
In-reply-to: <466D7A0C.4060707@rvs.uni-hannover.de>
References: <466D6BC1.2020302@rvs.uni-hannover.de> <6444.1181578815@ncsa.uiuc.edu> <466D7A0C.4060707@rvs.uni-hannover.de>
Sender: owner-myproxy-users@ncsa.uiuc.edu

Christopher Kunz <kunz@rvs.uni-hannover.de> wrote:
> For today, I cannot seem to figure out why my local MyProxy server doesn't
> return renewed credentials. I am getting the following errors as soon as our WMS
> wants new credentials:
>
> Jun 11 18:25:33 ce3 myproxy-server: <31601> Authenticated client
> /O=GermanGrid/OU=UniHannover/CN=wms1.gridlab.uni-hannover.de
> Jun 11 18:25:33 ce3 myproxy-server: <31601> authorization failed
> Jun 11 18:25:33 ce3 myproxy-server: <31601> unknown error
> Jun 11 18:25:33 ce3 myproxy-server: <31601> Exiting: unknown error

Did you pass the -a option to myproxy-logon (or equivalent)?

If you send your full client and server side verbose/debug output, I can
try to be of more assistance.

> From a look in the source code, this error should not be possible - all possible
> errors are assigned verror strings. However, there seems to be some fallthrough
> that doesn't assign correct error strings.

I suggest stepping through the code with gdb to see what is happening.

> I have put all *retrievers*, *renewers* and similar configuration variables to
> the broadest setting possible (mostly "*") and tried to debug the error by
> selectively inserting debug statements in the authorization functions. However,
> those never seem to be reached.

If you send your full myproxy-server.config file, I could comment on
whether it might be a configuration problem.

> In addition, I modified myproxy_server.c to output the contents of the
> "certauth" flag, and it is (null) two lines before the function ends - which
> shouldn't be as far as I understand the code.

That's a very strange value for an int variable.  Perhaps your printf()
format string is "%s" when it should be "%d"?

> The problem is that I am dependant on a rather old version of MyProxy because
> we're using it with the gLite 3.0 middleware. I am currently using MyProxy 3.0
> because 3.8 won't even run on our environment.
>
> Is it possible that this is an old bug that has been fixed in the meantime?

Yes, at the least you should get more informative output from more
recent MyProxy versions.

-Jim

References:
- Proxy Renewal: Receiving the second authentication credentials
  - From: Christopher Kunz <kunz@rvs.uni-hannover.de>
- Re: Proxy Renewal: Receiving the second authentication credentials
  - From: Jim Basney <jbasney@ncsa.uiuc.edu>
- Re: Proxy Renewal: Receiving the second authentication credentials
  - From: Christopher Kunz <kunz@rvs.uni-hannover.de>

Prev by Date: Re: Proxy Renewal: Receiving the second authentication credentials
Next by Date: Re: Including custom X.509 extension upon proxy renewal
Previous by thread: Re: Proxy Renewal: Receiving the second authentication credentials

Other Mailing lists | Author Index | Date Index | Subject Index | Thread Index