search

rsandhu1 / datafabric-griffin

Automatically exported from code.google.com/p/datafabric-griffin
0 stars 0 forks source link

GSI authentication failing for Griffin 0.9.0 #4

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?
1. Install Griffin 0.9.0
2. Get a client X509 proxy certificate
3. Attempt a gridftp connection to Griffin

What is the expected output? What do you see instead?

Server rejects connection with

530 GSI User Authorization failed: GSI Authentication Failed - Cannot find 
Certificate Authority (CA).
(Full exception below)

What version of the product are you using? On what operating system?

Griffin 0.9.0 on CentOS 6

Please provide any additional information below.

I have CA certificates correctly installed in /etc/grid-security/certificates 
and Griffin is correctly using this directory:

2013-03-28 15:16:42,433  INFO [main] (FtpServerStarter.java:255) - Griffin
2013-03-28 15:16:42,433  INFO [main] (FtpServerStarter.java:256) - Version 0.9.0
2013-03-28 15:16:42,439  INFO [main] (FtpServerStarter.java:257) - Build info: 
ARCS GridFTP interface for arbitrary data sources
2013-03-28 15:16:42,439  INFO [main] (FtpServerStarter.java:259) - Ftp server 
options:
2013-03-28 15:16:42,442  INFO [main] (FtpServerStarter.java:263) -     
service.key: /etc/grid-security/daviskey.pem
2013-03-28 15:16:42,443  INFO [main] (FtpServerStarter.java:263) -     
ftp.port: 2811
2013-03-28 15:16:42,443  INFO [main] (FtpServerStarter.java:263) -     
allowed.passive.tcp.ports: 40000-41000
2013-03-28 15:16:42,443  INFO [main] (FtpServerStarter.java:263) -     
max.idle.seconds: 600
2013-03-28 15:16:42,444  INFO [main] (FtpServerStarter.java:263) -     
service.trusted.certs: /etc/grid-security/certificates
2013-03-28 15:16:42,444  INFO [main] (FtpServerStarter.java:263) -     
service.cert: /etc/grid-security/daviscert.pem
2013-03-28 15:16:42,444  INFO [main] (FtpServerStarter.java:263) -     
max.connections: 20
2013-03-28 15:16:42,445  INFO [main] (FtpServerStarter.java:263) -     
allowed.passive.udp.ports: 40000-41000
2013-03-28 15:16:42,445  INFO [main] (FtpServerStarter.java:263) -     
charset.ascii: ISO-8859-1
2013-03-28 15:16:42,446  INFO [main] (FtpServerStarter.java:263) -     
charset.ebcdic: CP1047
2013-03-28 15:16:42,446  INFO [main] (FtpServerStarter.java:263) -     
buffer.size: 2048000
2013-03-28 15:16:42,459  INFO [main] (FtpServerStarter.java:176) - Local ip 
address: irods-bestgrid.nesi.org.nz/130.216.161.89

However, any GSI connection attempts fail with this exception

org.irods.jargon.core.exception.AuthenticationException: GSI Authentication 
Failed - Cannot find Certificate Authority (CA)
        at org.irods.jargon.core.connection.GSIAuth.sendGSIAuth(GSIAuth.java:185)
        at org.irods.jargon.core.connection.GSIAuth.processAuthenticationAfterStartup(GSIAuth.java:250)
        at org.irods.jargon.core.connection.AuthMechanism.authenticate(AuthMechanism.java:65)
        at org.irods.jargon.core.connection.IRODSCommands.startupConnection(IRODSCommands.java:234)
        at org.irods.jargon.core.connection.IRODSCommands.<init>(IRODSCommands.java:152)
        at org.irods.jargon.core.connection.IRODSCommands.instance(IRODSCommands.java:288)
        at org.irods.jargon.core.connection.IRODSSimpleProtocolManager.getIRODSProtocol(IRODSSimpleProtocolManager.java:54)
        at org.irods.jargon.core.connection.IRODSSession.connectAndAddToProtocolsMap(IRODSSession.java:312)
        at org.irods.jargon.core.connection.IRODSSession.currentConnection(IRODSSession.java:271)
        at au.org.arcs.griffin.filesystem.impl.jargon.JargonFileSystemConnectionImpl.<init>(JargonFileSystemConnectionImpl.java:76)
        at au.org.arcs.griffin.filesystem.impl.jargon.JargonFileSystemImpl.createFileSystemConnection(JargonFileSystemImpl.java:181)
        at au.org.arcs.griffin.session.impl.FtpSessionContextImpl.authenticate(FtpSessionContextImpl.java:393)
        at au.org.arcs.griffin.cmd.impl.FtpCmdUserGSI.execute(FtpCmdUserGSI.java:74)
        at au.org.arcs.griffin.cmd.impl.FtpCmdEnc.execute(FtpCmdEnc.java:85)
        at au.org.arcs.griffin.session.impl.FtpSessionImpl.executeCmd(FtpSessionImpl.java:126)
        at au.org.arcs.griffin.session.impl.FtpSessionImpl.run(FtpSessionImpl.java:86)
Caused by: GSSException: Failure unspecified at GSS-API level [Caused by: 
Unknown CA]
        at org.globus.gsi.gssapi.GlobusGSSContextImpl.initSecContext(GlobusGSSContextImpl.java:560)
        at org.irods.jargon.core.connection.GSIAuth.sendGSIAuth(GSIAuth.java:161)
        ... 15 more

Downgrading to Griffin 0.8.4 with everything else the same resolved the problem 
for us.

Original issue reported on code.google.com by Vladimir.Mencl on 2 Apr 2013 at 11:07

GoogleCodeExporter commented 8 years ago 
[deleted comment]
GoogleCodeExporter commented 8 years ago 
Please see 
https://code.google.com/p/datafabric-griffin/wiki/HowToInstallwithIRODS
Need to add "-DX509_CERT_DIR=/etc/grid-security/certificates" to JAVA_OPTIONS 
in /etc/default/griffin

Original comment by shunde.p...@gmail.com on 2 Apr 2013 at 11:44

GoogleCodeExporter commented 8 years ago 
Hi Shunde, thanks, this has helped.  I first thought this directive was in, but 
it was in the commented-out line (included in the default sample config file).  
Adding this to JAVA_OPTIONS helped fix the problem.

Thanks for the help.

Cheers,
Vlad

PS: It is however rather confusing that even when this property is not 
specified, Griffin still reports:
   service.trusted.certs: /etc/grid-security/certificates
- but GSI fails to initialize...

Original comment by Vladimir.Mencl on 3 Apr 2013 at 10:22

GoogleCodeExporter commented 8 years ago 
It is a bit confusing unfortunately.

Original comment by shunde.p...@gmail.com on 10 Apr 2013 at 12:30