Follow-up Comment #3, bug #87887 (project xrootd):
Hi,
On the remote node ascint1y:
Here is the keytab file and contents:
[root@ascint1y ~]# xrdsssadmin list /var/spool/xrootd/.xrd/sss.keytab
Number Len Date/Time Created Expires Keyname User & Group
------ --- --------- ------- -------- -------
1 32 10/07/11 14:09:02 -------- sss_keytab anybody atlas
with XrdSecDEBUG=1
mount -t fuse -a
gives:
root@ascint1y ~]# mount -t fuse -a
sec_Client: protocol request for host atlas21.hep.anl.gov
token='&P=unix&P=sss,0.13:'
sec_PM: Skipping unix only want sss
sec_PM: Loading sss protocol object from libXrdSecsss.so
sec_sss: Client keytab='/var/spool/xrootd/.xrd/sss.keytab'
sec_PM: Using sss protocol, args='0.13:'
sec_sss: Ret 151 bytes of credentials; k=1
sec_sss: Ret 151 bytes of credentials; k=1
sec_Client: protocol request for host atlas22.hep.anl.gov
token='&P=unix&P=sss,0.13:'
sec_PM: Skipping unix only want sss
sec_PM: Loading sss protocol object from libXrdSecsss.so
sec_sss: Client keytab='/var/spool/xrootd/.xrd/sss.keytab'
sec_PM: Using sss protocol, args='0.13:'
sec_sss: Ret 151 bytes of credentials; k=1
sec_sss: Ret 151 bytes of credentials; k=1
atlas22 (redirector machine) - remote xrootdfs mount
[root@atlas22 ~]# xrdsssadmin list /var/spool/xrootd/.xrd/sss.keytab
Number Len Date/Time Created Expires Keyname User & Group
------ --- --------- ------- -------- -------
1 32 10/07/11 14:09:02 -------- sss_keytab anybody atlas
This is a single nic machine with ntp running and the time consistent.
On the other remote mount machine (stand alone xrootd data server)
atlas8/atlas21 (dual nic machine)
bash-3.2$ xrdcp /local/home/xrootd/xrootd-copy-test.ascint1y
root://atlas22.hep.anl.gov//atlas/xrootd-copy-test.ascint1y
sec_Client: protocol request for host atlas22.hep.anl.gov
token='&P=unix&P=sss,0.13:'
sec_PM: Loading unix protocol object from libXrdSecunix.so
sec_PM: Using unix protocol, args=''
sec_Client: protocol request for host ascint1y.hep.anl.gov
token='&P=sss,0.13:&P=unix'
sec_PM: Loading sss protocol object from libXrdSecsss.so
sec_PM: Using sss protocol, args='0.13:'
sec_sss: Init_Client: Unable to determine keytab location.
sec_PM: Using unix protocol, args=''
[xrootd] Total 0.00 MB |====================| 100.00 % [inf MB/s]
bash-3.2$ xrdcp /local/home/xrootd/xrootd-copy-test.ascint1y
root://atlas21.hep.anl.gov//atlas/xrootd-copy-test.ascint1y
sec_Client: protocol request for host atlas21.hep.anl.gov
token='&P=unix&P=sss,0.13:'
sec_PM: Loading unix protocol object from libXrdSecunix.so
sec_PM: Using unix protocol, args=''
[xrootd] Total 0.00 MB |====================| 100.00 % [inf MB/s]
As you can see, when copying files with xrdcp the unix command was used.
In each system, here is the sss security line from the configuration file:
sec.protocol /usr/lib64 sss -s /var/spool/xrootd/.xrd/sss.keytab
Will now test with group security priv.
_______________________________________________________
Reply to this item at:
<http://savannah.cern.ch/bugs/?87887>
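The debug output in the comment above shows three outcomes per "protocol request": sss used, sss tried and then dropped after the keytab error, and unix used without sss being tried. The Python script below is an added example, not part of the original comment or of xrootd; it classifies each request in XrdSecDEBUG output. The audit function, its verdict names and the sample (assembled from lines of the kind shown above) are assumptions made for illustration.

```python
import re

# Constructed sample, assembled from line shapes shown in the comment above.
SAMPLE = """\
sec_Client: protocol request for host atlas22.hep.anl.gov
token='&P=unix&P=sss,0.13:'
sec_PM: Using unix protocol, args=''
sec_Client: protocol request for host ascint1y.hep.anl.gov
token='&P=sss,0.13:&P=unix'
sec_PM: Using sss protocol, args='0.13:'
sec_sss: Init_Client: Unable to determine keytab location.
sec_PM: Using unix protocol, args=''
sec_Client: protocol request for host atlas21.hep.anl.gov
token='&P=unix&P=sss,0.13:'
sec_PM: Skipping unix only want sss
sec_PM: Using sss protocol, args='0.13:'
"""

HOST = re.compile(r"sec_Client: protocol request for host (\S+)")
TOKEN = re.compile(r"token='([^']*)'")
USING = re.compile(r"sec_PM: Using (\w+) protocol")
ERROR = re.compile(r"sec_\w+: .*Unable to ")

def audit(log, want="sss"):
    """Return one dict per protocol request with offered/used/errors/verdict."""
    reqs = []
    for line in log.splitlines():
        if m := HOST.search(line):
            reqs.append({"host": m.group(1), "offered": [], "used": [], "errors": []})
        if not reqs:
            continue
        cur = reqs[-1]
        if m := TOKEN.search(line):  # '&P=unix&P=sss,0.13:' -> ['unix', 'sss']
            cur["offered"] = [p.split(",")[0] for p in m.group(1).split("&P=") if p]
        if m := USING.search(line):
            cur["used"].append(m.group(1))
        if ERROR.search(line):
            cur["errors"].append(line.strip())
    for r in reqs:
        r["final"] = r["used"][-1] if r["used"] else None
        if r["final"] == want:
            r["verdict"] = "ok"
        elif want not in r["offered"]:
            r["verdict"] = "not-offered"
        elif want in r["used"]:
            r["verdict"] = "failed-then-fallback"  # e.g. keytab not found
        else:
            r["verdict"] = "not-attempted"  # a weaker protocol was taken first
    return reqs
```

Any request whose verdict is not "ok" on a cluster meant to enforce sss is worth checking against the client's keytab location and the server's sec.protocol lines.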