
D2.1.4 IST-033576
root: ./xtreemos-nss-pam-0.04/src/test/pam_app_conv -pem ~yjegou/.xos/firstproxy.pem
vo = [xtreemos], role = [admin]
pam_xos.c:239: PAM:pam_sm_authenticate: uid = 0, user = [root]
ERROR: Verifying certificate chain: unable to get local issuer certificate
xos_keyring_revoke: No content in keyring
pam_xos.c:488: PAM: ...: Can not revoke the key
Oops: Permission denied
root:
When SSL checks the signature of a certificate, it first extracts the DN of the CA that signed the certificate, computes a hash of this DN, and then locates the CA certificate in the CA public key directory using this hash. The certificate verification chain for the pam_xos.so PAM plugin is configured in the file /etc/xos/pam_xos.conf, item VOCAPublicKeyfile. By default, this item defines /etc/xos/certificates/ as the CA public key directory. If the CA certificates (named using their hash) have been stored in some other directory, the VOCAPublicKeyfile item of /etc/xos/pam_xos.conf must be updated.
root: cat /etc/xos/pam_xos.conf
...
#VOACConf /etc/xos/mapdata/quota.conf
VOCAPublicKeyfile /etc/xos/certificates/
#NodePrivateKeyfile /tmp/userkey.pem
Each file in the CA public key directory must be named after its DN hash.
root: ls -al /etc/xos/certificates/
....
-rw-r--r-- 1 root root 1302 2007-11-12 15:34 076bb57f.0
....
yjegou:
In this example, the file named by hash 076bb57f.0 contains the public key of the CA with Subject: C=EU, ST=France, L=Rennes, O=INRIA, OU=IRISA, CN=XtreemOS-test-CA/emailAddress=Yvon.Jegou@irisa.fr.
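One way to audit the naming rule described above when "unable to get local issuer certificate" appears, as an added example that is not part of the original document or of the XtreemOS code. The function names cert_hash and check_ca_dir are hypothetical; the openssl x509 options are real. Pass "old" as the second argument for directories hashed with OpenSSL releases before 1.0.0, which used a different hash algorithm.

```shell
#!/bin/sh
# Added example: check that every entry of an OpenSSL-style CA directory
# (the directory VOCAPublicKeyfile points to) is named after the
# subject-DN hash of the certificate it contains.

# Print the subject hash OpenSSL uses for directory lookup.
# usage: cert_hash FILE [old]
cert_hash() {
    if [ "$2" = old ]; then
        # Algorithm used before OpenSSL 1.0.0
        openssl x509 -noout -subject_hash_old -in "$1"
    else
        openssl x509 -noout -subject_hash -in "$1"
    fi
}

# Check every <hash>.<n> entry of DIR and print one line per file.
# Returns 0 if all names match, 1 on any mismatch, 2 if DIR has no entries.
# usage: check_ca_dir DIR [old]
check_ca_dir() {
    dir=$1; mode=$2; bad=0; seen=0
    for f in "$dir"/*.[0-9]*; do
        [ -f "$f" ] || continue          # also follows c_rehash-style symlinks
        seen=$((seen + 1))
        name=${f##*/}                    # e.g. 076bb57f.0
        want=${name%.*}                  # hash part of the file name
        got=$(cert_hash "$f" "$mode") || got="unreadable"
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name (certificate hashes to $got)"
            bad=$((bad + 1))
        fi
    done
    if [ "$seen" -eq 0 ]; then
        echo "EMPTY    $dir holds no hash-named certificates"
        return 2
    fi
    [ "$bad" -eq 0 ]
}
```

Run it as `check_ca_dir /etc/xos/certificates/` (or with `old` appended) on the node where pam_xos.so reports the verification error.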
25/49 XtreemOS–Integrated Project