Story #7605: MemberNodes not authorizing CN to harvest log records
NRDC does not trust the CN certificate for log harvesting
urn:node:NRDC throws a NotAuthorized exception when the CN attempts to harvest log records:
org.dataone.service.exceptions.NotAuthorized: Access allowed only for DataONE infrastructure. Active subjects: authenticatedUser (equivalent), public (equivalent), CN=urn:node:CNUCSB1,DC=dataone,DC=org (primary). Trusted subjects: CN=urn:node:NRDC,DC=dataone,DC=org
From the message it appears that NRDC may only trust itself to harvest log records.
#2 Updated by Laura Moyers over 6 years ago
Laura, Robert, and Mark met with Eric Fritzinger from NRDC on 2/3/16. Eric is planning to rework the NRDC setup from reverse proxy to "normal" public-facing operations. He'll have to coordinate with the UNR IT folks as they try to keep all the UNR stuff tightly controlled.