[Condor-users] GAHP and the certificates directory

[Ray Plante <rplante@xxxxxxxxxxxxxxxxxxxx>]

Hi,

I'm seeing the "Failed to initialize GAHP" failure when I submit a job, and 
thanks to the discussion, I was able learn that authentication was failing 
while starting the gahp server because it couldn't find the certificate data. 
In my case, I found through trial and error that it couldn't locate the 
certificates directory containing the CA certs.

I would like to store these in $GLOBUS_LOCATION/share/certificates; however, 
the only location that seems to work is in $HOME/.globus/certificates.  This is 
consistent with section 3.6.3.1 of the Condor manual ("GSI certificate 
locations for Users") which indicates that this is the default location. 
However, it also says that I can override this by setting X509_CERT_DIR. 
Unfortunately, the component that starts the gahp server appears to ignore this 
value.  (Subsequently the job gets put in a "hold" state.)

Note that condor_submit *does* honor X509_CERT_DIR.  When I set it to a bogus 
location, it fails to even submit the job.

So my basic question is, how to I direct the gahp server startup where to find 
the certificates directory?  Is the gahp server startup expected to honor 
X509_CERT_DIR?  Should I be setting GSI_DAEMON_TRUSTED_CA_DIR in condor_config 
instead?

thanks,
Ray