Hi,
just for the records, I updated today the Download page in Savannah
with the latest and greatest stable tarball. The one before was from Dec
2008, however.
Fabrizio
Brian Bockelman ha scritto:
> Hey Gerardo,
>
> Here's the tarball I found from the xrootd homepage
>
> xrootd-20080828-1632.src.tgz
>
> Brian
>
> On Mar 19, 2009, at 12:08 PM, Gerardo Ganis wrote:
>
>>
>> Hi Brian,
>>
>> I managed to reproduce the problem: the file is read but for some
>> reason the cache is not
>> really updated (0 entries updated); this sounds like a bug. I will
>> try to understand whether
>> there is any work around to re-starting the server.
>>
>> By default the client should not cache anything; it does cache the
>> relevant info if you set
>> the env XrdSecPWDAUTOLOG to 1 . You can check the client cache by
>> running
>>
>> xrdpwdadmin -m netrc
>>
>> Cheers, Gerri
>>
>> PS: what version of XROOTD are you running?
>>
>> Brian Bockelman wrote:
>>> Hey Fabrizio,
>>>
>>> I went back with our folks, and we've come up with an acceptable
>>> solution (I don't really want to force all our users out there to get
>>> a new module!)
>>>
>>> Basically, they log into a web interface using the current auth
>>> scheme and it generates a one-time password for them. They are given
>>> the one-time password and the first time they use it, they change it.
>>>
>>> HOWEVER, it appears that users added with xrdpwdadmin can't
>>> effectively use xrootd until the daemon is restarted.
>>>
>>> Here's the command I use, for example:
>>>
>>> xrdpwdadmin add bbockelmnocern3 -force -dontask
>>>
>>> I then take the generated password and try to use it. The server
>>> logs are below. The user output look like this (gDebug=5, removing
>>> un-interesting stuff):
>>>
>>> Password for [log in to unmask]:cmsfilemover:
>>> Info in <TXNetFile::Open>: remote file could not be open
>>> Info in <TXNetFile::CreateXClient>: remote file could not be open
>>> Error in <TXNetFile::CreateXClient>: open attempt failed on
>>> root:[log in to unmask]
>>>
>>>
>>> If I then restart the xrootd server, things work. In fact, after
>>> restarting the xrootd server, the client no longer asks me for the
>>> temporary password (I assume it saved it to the client's cache?) and
>>> just asks me to change the password.
>>>
>>> It appears that the xrootd server is claiming in the logs it has
>>> reloaded the cached authentication file, but this reloading failed to
>>> work.
>>>
>>> Brian
>>>
>>> First attempt:
>>>
>>> 090318 11:39:00 001 XrdInet: Accepted connection from [log in to unmask]
>>> 090318 11:39:00 20699 XrdSched: running ?:[log in to unmask] inq=0
>>> 090318 11:39:00 20699 XrdProtocol: matched protocol xrootd
>>> 090318 11:39:00 20699 ?:[log in to unmask] XrdPoll: FD 27 attached to
>>> poller 0; num=1
>>> 090318 11:39:00 20699 ?:[log in to unmask] XrootdProtocol: 0100 req=3007
>>> dlen=0
>>> 090318 11:39:00 20699 sec_getParms: red.unl.edu
>>> sectoken=&P=pwd,v:10100,id:cmsfilemover,c:ssl
>>> 090318 11:39:00 20699 bbockelmn.4519:[log in to unmask] XrootdResponse:
>>> 0100 sending 52 data bytes; status=0
>>> 090318 11:39:00 20699 bbockelmn.4519:[log in to unmask] XrootdProtocol:
>>> 0100 req=3000 dlen=254
>>> 090318 11:39:00 20699 secpwd_XrdSecProtocolpwd: constructing: host:
>>> red.unl.edu
>>> 090318 11:39:00 20699 secpwd_XrdSecProtocolpwd: p: pwd, plen: 4
>>> 090318 11:39:00 20699 secpwd_XrdSecProtocolpwd: mode: server
>>> 090318 11:39:00 20699 secpwd_XrdSecProtocolpwd: object created: v..
>>> 090318 11:39:00 20699 secpwd_Authenticate: handshaking ID:
>>> bbockelmn.4519:[log in to unmask]
>>> 090318 11:39:00 20699 secpwd_ParseCrypto: parsing list: ssl
>>> 090318 11:39:00 20699 crypto_Factory::GetCryptoFactory: ssl crypto
>>> factory object already loaded (0x7f7faf664960)
>>> 090318 11:39:00 20699 secpwd_Authenticate: version run by client: 10100
>>> 090318 11:39:00 20699 secpwd_CheckRtag: Nothing to check
>>> 090318 11:39:00 20699 secpwd_CheckTimeStamp: Nothing to do
>>> 090318 11:39:00 20699 sut_Rndm::GetString: enter: len: 8 (type: Crypt)
>>> 090318 11:39:00 20699 sut_Rndm::GetString: got: V9JGOZzx
>>> 090318 11:39:00 20699 bbockelmn.4519:[log in to unmask] XrootdProtocol:
>>> 0100 more auth requested; sz=103
>>> 090318 11:39:00 20699 bbockelmn.4519:[log in to unmask] XrootdResponse:
>>> 0100 sending 103 data bytes; status=4002
>>> 090318 11:39:03 20699 bbockelmn.4519:[log in to unmask] XrootdProtocol:
>>> 0100 request timeout; read 0 of 24 bytes
>>> 090318 11:39:03 20699 XrdPoll: Poller 0 enabled
>>> bbockelmn.4519:[log in to unmask]
>>> 090318 11:39:11 20699 XrdSched: running bbockelmn.4519:[log in to unmask]
>>> inq=0
>>> 090318 11:39:11 20699 bbockelmn.4519:[log in to unmask] XrootdProtocol:
>>> 0100 req=3000 dlen=167
>>> 090318 11:39:11 20699 secpwd_Authenticate: handshaking ID:
>>> bbockelmn.4519:[log in to unmask]
>>> 090318 11:39:11 20699 secpwd_ParseCrypto: parsing list: ssl
>>> 090318 11:39:11 20699 crypto_Factory::GetCryptoFactory: ssl crypto
>>> factory object already loaded (0x7f7faf664960)
>>> 090318 11:39:11 20699 secpwd_Authenticate: version run by client: 10100
>>> 090318 11:39:11 20699 secpwd_CheckRtag: Random tag successfully checked
>>> 090318 11:39:11 20699 secpwd_CheckTimeStamp: Nothing to do
>>> 090318 11:39:11 20699 secpwd_QueryUser: Enter: bbockelmnocern3
>>> 090318 11:39:11 20699 sut_Cache::Rehash: Hash table updated (found 11
>>> active entries)
>>> 090318 11:39:11 20699 sut_Cache::Refresh: Cache refreshed from file
>>> /uscms/home/bbockelm/.xrd/pwdadmin (0 entries updated)
>>> 090318 11:39:11 20699 secpwd_ErrF: Secpwd: wrong credentials: : user
>>> : bbockelmnocern3: kXPC_normal
>>> 090318 11:39:11 20699 XrootdXeq: User authentication failed; Secpwd:
>>> wrong credentials: : user : bbockelmnocern3: kXPC_normal
>>> 090318 11:39:11 20699 bbockelmn.4519:[log in to unmask] XrootdResponse:
>>> 0100 sending err 3010: Secpwd: wrong credentials: : user :
>>> bbockelmnocern3: kXPC_normal
>>> 090318 11:39:11 20699 bbockelmn.4519:[log in to unmask] XrootdProtocol:
>>> 0100 req=3010 dlen=136
>>> 090318 11:39:11 20699 bbockelmn.4519:[log in to unmask] XrootdResponse:
>>> 0100 sending err 3006: Invalid request; user not authenticated
>>> 090318 11:39:11 20699 XrootdXeq: bbockelmn.4519:[log in to unmask] disc
>>> 0:00:11
>>> 090318 11:39:11 20699 bbockelmn.4519:[log in to unmask] XrdPoll: FD 27
>>> detached from poller 0; num=0
>>>
>>> Second attempt:
>>>
>>> 090318 11:40:59 001 XrdInet: Accepted connection from [log in to unmask]
>>> 090318 11:40:59 20753 XrdSched: running ?:[log in to unmask] inq=0
>>> 090318 11:40:59 20753 XrdProtocol: matched protocol xrootd
>>> 090318 11:40:59 20753 ?:[log in to unmask] XrdPoll: FD 26 attached to
>>> poller 0; num=1
>>> 090318 11:40:59 20753 ?:[log in to unmask] XrootdProtocol: 0100 req=3007
>>> dlen=0
>>> 090318 11:40:59 20753 sec_getParms: red.unl.edu
>>> sectoken=&P=pwd,v:10100,id:cmsfilemover,c:ssl
>>> 090318 11:40:59 20753 bbockelmn.2466:[log in to unmask] XrootdResponse:
>>> 0100 sending 52 data bytes; status=0
>>> 090318 11:40:59 20753 bbockelmn.2466:[log in to unmask] XrootdProtocol:
>>> 0100 req=3000 dlen=254
>>> 090318 11:40:59 20753 secpwd_XrdSecProtocolpwd: constructing: host:
>>> red.unl.edu
>>> 090318 11:40:59 20753 secpwd_XrdSecProtocolpwd: p: pwd, plen: 4
>>> 090318 11:40:59 20753 secpwd_XrdSecProtocolpwd: mode: server
>>> 090318 11:40:59 20753 secpwd_XrdSecProtocolpwd: object created: v..
>>> 090318 11:40:59 20753 secpwd_Authenticate: handshaking ID:
>>> bbockelmn.2466:[log in to unmask]
>>> 090318 11:40:59 20753 secpwd_ParseCrypto: parsing list: ssl
>>> 090318 11:40:59 20753 crypto_Factory::GetCryptoFactory: ssl crypto
>>> factory object already loaded (0x7fe2fb8a8960)
>>> 090318 11:40:59 20753 secpwd_Authenticate: version run by client: 10100
>>> 090318 11:40:59 20753 secpwd_CheckRtag: Nothing to check
>>> 090318 11:40:59 20753 secpwd_CheckTimeStamp: Nothing to do
>>> 090318 11:40:59 20753 sut_Rndm::GetString: enter: len: 8 (type: Crypt)
>>> 090318 11:40:59 20753 sut_Rndm::Init: taking seed from /dev/urandom
>>> 090318 11:40:59 20753 sut_Rndm::GetString: got: .8lrX3bS
>>> 090318 11:40:59 20753 bbockelmn.2466:[log in to unmask] XrootdProtocol:
>>> 0100 more auth requested; sz=103
>>> 090318 11:40:59 20753 bbockelmn.2466:[log in to unmask] XrootdResponse:
>>> 0100 sending 103 data bytes; status=4002
>>> 090318 11:40:59 20753 bbockelmn.2466:[log in to unmask] XrootdProtocol:
>>> 0100 req=3000 dlen=167
>>> 090318 11:40:59 20753 secpwd_Authenticate: handshaking ID:
>>> bbockelmn.2466:[log in to unmask]
>>> 090318 11:40:59 20753 secpwd_ParseCrypto: parsing list: ssl
>>> 090318 11:40:59 20753 crypto_Factory::GetCryptoFactory: ssl crypto
>>> factory object already loaded (0x7fe2fb8a8960)
>>> 090318 11:40:59 20753 secpwd_Authenticate: version run by client: 10100
>>> 090318 11:40:59 20753 secpwd_CheckRtag: Random tag successfully checked
>>> 090318 11:40:59 20753 secpwd_CheckTimeStamp: Nothing to do
>>> 090318 11:40:59 20753 secpwd_QueryUser: Enter: bbockelmnocern3
>>> 090318 11:40:59 20753 sut_Cache::Refresh: cached information for file
>>> /uscms/home/bbockelm/.xrd/pwdadmin is up-to-date
>>> 090318 11:41:00 20753 secpwd_ExportCreds: File (template) undefined -
>>> do nothing
>>> 090318 11:41:00 20753 secpwd_Authenticate: WARNING: some problem
>>> exporting creds to file; template is :
>>> 090318 11:41:00 20753 sut_Rndm::GetString: enter: len: 8 (type: Crypt)
>>> 090318 11:41:00 20753 sut_Rndm::GetString: got: 8SVtIe9a
>>> 090318 11:41:00 20753 bbockelmn.2466:[log in to unmask] XrootdProtocol:
>>> 0100 more auth requested; sz=127
>>> 090318 11:41:00 20753 bbockelmn.2466:[log in to unmask] XrootdResponse:
>>> 0100 sending 127 data bytes; status=4002
>>> 090318 11:41:03 20753 bbockelmn.2466:[log in to unmask] XrootdProtocol:
>>> 0100 request timeout; read 0 of 24 bytes
>>> 090318 11:41:03 20753 XrdPoll: Poller 0 enabled
>>> bbockelmn.2466:[log in to unmask]
>>> 090318 11:41:19 20753 XrdSched: running bbockelmn.2466:[log in to unmask]
>>> inq=0
>>> 090318 11:41:19 20753 bbockelmn.2466:[log in to unmask] XrootdProtocol:
>>> 0100 req=3000 dlen=143
>>> 090318 11:41:19 20753 secpwd_Authenticate: handshaking ID:
>>> bbockelmn.2466:[log in to unmask]
>>> 090318 11:41:19 20753 secpwd_ParseCrypto: parsing list: ssl
>>> 090318 11:41:19 20753 crypto_Factory::GetCryptoFactory: ssl crypto
>>> factory object already loaded (0x7fe2fb8a8960)
>>> 090318 11:41:19 20753 secpwd_Authenticate: version run by client: 10100
>>> 090318 11:41:19 20753 secpwd_CheckRtag: Random tag successfully checked
>>> 090318 11:41:19 20753 secpwd_CheckTimeStamp: Nothing to do
>>> 090318 11:41:19 20753 sut_Rndm::GetBuffer: enter: len: 8
>>> 090318 11:41:19 20753 secpwd_SaveCreds: Entry for tag:
>>> bbockelmnocern3_1 updated in cache
>>> 090318 11:41:19 20753 sut_Cache::Flush: Cache flushed to file
>>> /uscms/home/bbockelm/.xrd/pwdadmin (1 entries updated / written)
>>> 090318 11:41:19 20753 bbockelmn.2466:[log in to unmask] XrootdResponse:
>>> 0100 sending OK
>>> 090318 11:41:19 20753 XrootdXeq: bbockelmn.2466:[log in to unmask] login
>>> as bbockelmnocern3
>>> 090318 11:41:19 20753 bbockelmn.2466:[log in to unmask] XrootdProtocol:
>>> 0100 req=3010 dlen=136
>>> 090318 11:41:19 20753 bbockelmn.2466:[log in to unmask] XrootdProtocol:
>>> 0100 open rt
>>> /cmsfs/lfns/store/relval/CMSSW_2_2_1/RelValTTbar/GEN-SIM-RECO/STARTUP_V7_LowLumiPileUp_v1/0004/EC41ED67-E5C6-DD11-97A2-000423D9989E.root
>>>
>>>
>>> On Mar 10, 2009, at 9:26 AM, Fabrizio Furano wrote:
>>>
>>>> Hi,
>>>>
>>>> I guess that this needs a new XrdSec plugin to be written. Probably
>>>> the secunix one could be a good starting point.
>>>>
>>>> Fabrizio
>>>>
>>>>
>>>> Brian Bockelman ha scritto:
>>>>> Hey Xrootd folks (hope I ended up on the right list),
>>>>> I'd like to hook xrootd into our local-site authentication
>>>>> methods. We currently keep all our user/passwords in a htpasswd
>>>>> file, as generated by apache. What's the best way to have the
>>>>> server read the data from that file and use it for authentication?
>>>>> Brian
>>>
>>
>>
>> --
>> +--------------------------------------------------------------------------+
>>
>> Gerardo GANIS PH Department, CERN
>> address CERN, CH 1211 Geneve 23 room:
>> 32-RC-017, tel / fax: +412276 76439 / 69133
>> e-mail [log in to unmask]
>> +--------------------------------------------------------------------------+
>>
|