Difference between revisions of "Proxy file handling in gLExec"
Line 27: | Line 27: | ||
glexec[10301]: lcas.mod-lcas_run_va(): failed | glexec[10301]: lcas.mod-lcas_run_va(): failed | ||
− | As a result of not being able to present tokens to be authorized, the gLExec tool will exit with a 203 exit code. This indicates that the authorization of the user has failed. For more information on the gLExec exit code, please visit: | + | As a result of not being able to present tokens to be authorized, the gLExec tool will exit with a 203 exit code. This indicates that the authorization of the user has failed. For more information on the gLExec exit code, please visit: [[Exit codes of gLExec]] |
Revision as of 15:06, 7 February 2010
gLExec uses four environment variables for various reasons. This section is intended to explain what they do in a pragmatic way so that you should be able to work with them.
The environment variables of interest are:
- GLEXEC_CLIENT_CERT
- GLEXEC_SOURCE_PROXY
- GLEXEC_TARGET_PROXY
- X509_USER_PROXY
GLEXEC_CLIENT_CERT
gLExec needs a (proxy) certificate as input to know who to authorize and to which account you must be mapped. The mapping and authorization decision will be based primarily on this file.
The GLEXEC_CLIENT_CERT
- Contains a file path from the root to the file. Note: "/dir/subdir/../subdir2/proxy" is allowed.
- Must contain a public and private key pair in this one file.
- Must be readable by the user account calling gLExec
- Variable must be accessible by gLExec to read.
- Typically that means to export it into the current shell.
- Must be set before calling gLExec.
Troubleshooting hints
When this environment variable is not available or when the given path is not readable by gLExec the following error messages will occur in the gLExec log indicating a problem with gLExec's input, in particular the absence of a usable GLEXEC_CLIENT_CERT:
glexec[10301]: LCAS authorization request glexec[10301]: lcas.mod-lcas_run_va(): Cannot find certificate chain in pem string(failure) glexec[10301]: lcas.mod-lcas_run_va(): failed
As a result of not being able to present tokens to be authorized, the gLExec tool will exit with a 203 exit code. This indicates that the authorization of the user has failed. For more information on the gLExec exit code, please visit: Exit codes of gLExec