[Adding David Smith since he may want to know this ...]
Hi Gerri,
I am having trouble getting it to work. On RHEL5-64, I compiled xrootd git head with gcc 4.3 and use the .so you compiled. Here is my config file:
all.export /xrootd/atlas r/o
all.role server
xrootd.async off
xrootd.seclib /afs/slac.stanford.edu/package/xrootd/githead/amd64_rhel50/src/libXrdSec.so
sec.protparm gsi -vomsfun:/etc/xrootd/libXrdSecgsiVOMS.so.1 -vomsfunparms:grpopt=0|certfmt=raw|vos=atlas|dbg
sec.protocol /afs/slac.stanford.edu/package/xrootd/githead/amd64_rhel50/src gsi -ca:1 -crl:3
acc.authdb /etc/xrootd/auth_file
acc.authrefresh 60
ofs.authorize
here is my proxy info (I tried a proxy created locally using VOMS 1.8.8 and a proxy created at CERN using VOMS 2.0.8).
subject : /DC=org/DC=doegrids/OU=People/CN=Wei Yang 74203/CN=proxy
issuer : /DC=org/DC=doegrids/OU=People/CN=Wei Yang 74203
identity : /DC=org/DC=doegrids/OU=People/CN=Wei Yang 74203
type : proxy
strength : 1024 bits
path : /tmp/x509up_u2353
timeleft : 11:58:22
=== VO atlas extension information ===
VO : atlas
subject : /DC=org/DC=doegrids/OU=People/CN=Wei Yang 74203
issuer : /DC=ch/DC=cern/OU=computers/CN=lcg-voms.cern.ch
attribute : /atlas/Role=NULL/Capability=NULL
attribute : /atlas/lcg1/Role=NULL/Capability=NULL
attribute : /atlas/usatlas/Role=NULL/Capability=NULL
attribute : nickname = yangw (atlas)
timeleft : 11:58:22
uri : lcg-voms.cern.ch:15001
Here is the $X509_VOMS_DIR
[yangw@atl-prod08 xrootd]$ ls -l $X509_VOMS_DIR
total 68
-rw-r--r-- 1 yangw sf 69 Feb 16 2010 README
drwxr-xr-x 2 yangw sf 2048 Nov 25 2011 atlas/
-rw-r--r-- 1 yangw sf 1440 Feb 2 2010 cert-voms-01.cnaf.infn.it.pem
-rw-r--r-- 1 yangw sf 1440 Feb 2 2010 cert-voms-01.cnaf.infn.it.pem.1
-rw-r--r-- 1 yangw sf 1424 Feb 2 2010 cert-voms-01.cnaf.infn.it.pem.2
-rw-r--r-- 1 yangw sf 1436 Feb 2 2010 grid12.lal.in2p3.fr.pem
-rw-r--r-- 1 yangw sf 5154 Feb 2 2010 mu4.matrix.sara.nl.pem
-rw-r--r-- 1 yangw sf 1419 Feb 2 2010 voms-01.pd.infn.it.pem
-rw-r--r-- 1 yangw sf 1419 Feb 2 2010 voms-01.pd.infn.it.pem.1
-rw-r--r-- 1 yangw sf 1420 Feb 2 2010 voms-01.pd.infn.it.pem.2
-rw-r--r-- 1 yangw sf 1419 Feb 2 2010 voms-02.pd.infn.it.pem
-rw-r--r-- 1 yangw sf 1419 Feb 2 2010 voms-02.pd.infn.it.pem.1
-rw-r--r-- 1 yangw sf 1420 Feb 2 2010 voms-02.pd.infn.it.pem.2
-rw-r--r-- 1 yangw sf 1419 Feb 2 2010 voms.cnaf.infn.it.pem
-rw-r--r-- 1 yangw sf 1419 Feb 2 2010 voms.cnaf.infn.it.pem.1
-rw-r--r-- 1 yangw sf 1419 Feb 2 2010 voms.cnaf.infn.it.pem.2
-rw-r--r-- 1 yangw sf 1399 Feb 2 2010 voms.cnaf.infn.it.pem.3
-rw-r--r-- 1 yangw sf 1484 Feb 2 2010 voms.fnal.gov.pem
-rw-r--r-- 1 yangw sf 1298 Feb 2 2010 voms.fnal.gov.pem.1
-rw-r--r-- 1 yangw sf 1651 Feb 2 2010 voms.grid.sara.nl.pem
-rw-r--r-- 1 yangw sf 5152 Feb 2 2010 voms.grid.sara.nl.pem.1
-rw-r--r-- 1 yangw sf 1793 Feb 2 2010 voms.grid.sinica.edu.tw.pem
-rw-r--r-- 1 yangw sf 1842 Feb 2 2010 voms.gridpp.ac.uk.pem
-rw-r--r-- 1 yangw sf 1843 Feb 2 2010 voms.gridpp.ac.uk.pem.1
-rw-r--r-- 1 yangw sf 2138 Feb 2 2010 voms.gridpp.ac.uk.pem.2
-rw-r--r-- 1 yangw sf 1472 Feb 2 2010 voms.research-infrastructures.eu.pem
-rw-r--r-- 1 yangw sf 1472 Feb 2 2010 voms.research-infrastructures.eu.pem.1
-rw-r--r-- 1 yangw sf 1424 Feb 2 2010 voms2.cnaf.infn.it.pem
-rw-r--r-- 1 yangw sf 1424 Feb 2 2010 voms2.cnaf.infn.it.pem.1
-rw-r--r-- 1 yangw sf 1404 Feb 2 2010 voms2.cnaf.infn.it.pem.2
And here is the log file:
X509Chain::Dump://------------------Dumping X509 chain content ------------------//
X509Chain::Dump://
X509Chain::Dump:// Chain instance: 0x8eeb7d0
X509Chain::Dump://
X509Chain::Dump:// Number of certificates: 3
X509Chain::Dump://
X509Chain::Dump:// CA: /DC=org/DC=DOEGrids/OU=Certificate Authorities/CN=DOEGrids CA 1
X509Chain::Dump:// EEC: /DC=org/DC=doegrids/OU=People/CN=Wei Yang 74203
X509Chain::Dump://
X509Chain::Dump:// Issuer: d1b603c3.0 Subject: 1c3f2ca8.0 Type: CA
X509Chain::Dump:// Issuer: 1c3f2ca8.0 Subject: 684536c7.0 Type: EEC
X509Chain::Dump:// Issuer: 684536c7.0 Subject: f81adb11.0 Type: Proxy
X509Chain::Dump://
X509Chain::Dump://---------------------------- END ------------------------------//
130204 11:02:36 14262 crypto_X509::Dump: +++++++++++++++ X509 dump +++++++++++++++++++++++
130204 11:02:36 14262 crypto_X509::Dump: +
130204 11:02:36 14262 crypto_X509::Dump: + File:
130204 11:02:36 14262 crypto_X509::Dump: +
130204 11:02:36 14262 crypto_X509::Dump: + Type: Proxy
130204 11:02:36 14262 crypto_X509::Dump: + Serial Number: 283485584
130204 11:02:36 14262 crypto_X509::Dump: + Subject: /DC=org/DC=doegrids/OU=People/CN=Wei Yang 74203/CN=proxy
130204 11:02:36 14262 crypto_X509::Dump: + Subject hash: f81adb11.0
130204 11:02:36 14262 crypto_X509::Dump: + Issuer: /DC=org/DC=doegrids/OU=People/CN=Wei Yang 74203
130204 11:02:36 14262 crypto_X509::Dump: + Issuer hash: 684536c7.0
130204 11:02:36 14262 crypto_X509::Dump: + Validity:
130204 11:02:36 14262 crypto_X509::Dump: + NotBefore: 1360032944 UTC - Mon Feb 4 18:55:44 2013
130204 11:02:36 14262 crypto_X509::Dump: + NotAfter: 1360076444 UTC - Tue Feb 5 07:00:44 2013
130204 11:02:36 14262 crypto_X509::Dump: +
130204 11:02:36 14262 crypto_X509::Dump: + PKI: Public
130204 11:02:36 14262 crypto_X509::Dump: +
130204 11:02:36 14262 crypto_X509::Dump: +++++++++++++++++++++++++++++++++++++++++++++++++
130204 11:02:36 14262 secgsi_VOMSFun: xrc: 1
130204 11:02:36 14262 secgsi_VOMSFun: NOT OK: Cannot discover holder from certificate chain!
130204 11:02:36 14262 secgsi_VOMSFun: WARNING: no VO found! (VOMS attributes: '')
130204 11:02:36 14262 XrootdXeq: yangw.27906:22@atlint01 login as 684536c7.0
130204 11:02:41 14262 XrootdXeq: yangw.27906:22@atlint01 disc 0:00:05
I am not sure what the 4th line from the bottom mean.
regards,
Wei Yang | [log in to unmask] | 650-926-3338(O)
On Feb 4, 2013, at 9:42 AM, Gerardo Ganis wrote:
>
> Hi,
>
> This is the status of things:
>
> The plug-in is available for test at
> 'https://github.com/gganis/voms.git' from where you can download
> the sources. Binaries for SLC5 (x86_64, gcc-4.1, gcc 4.3) and SLC6
> (x86_64, gcc-4.6) are available under
>
> /afs/cern.ch/work/g/ganis/public/vomsxrd/vomsxrd-0.0.1
>
> (README and examples under /afs/cern.ch/work/g/ganis/public/vomsxrd).
>
> With the following caveats:
>
> 1. The builds require VOMS 2.0.8 which, if I understand
> correctly, is a not (yet?) available in OSG
> 2. Unfortunately the backport of the vomsfun functionality was
> not complete in the 3.2.x stable branch,
> so to use the plug-in you have either to use the HEAD of the
> 'stable' branch or 3.3.x-rc1 .
> RPMs for the stable branch are available from the Teamcity
> portal:
>
> https://teamcity-dss.cern.ch:8443/project.html?projectId=project13&tab=projectOverview
>
> Can you please let me know if you can try this out or what you miss
> to be able to try?
>
> Gerri
>
>
>
>
> On 1/31/13 7:19 PM, Yang, Wei wrote:
>> I haven't get it to work yet. I am communicating with the developer.
>>
>> regards,
>> Wei Yang | [log in to unmask] | 650-926-3338(O)
>>
>>
>> On Jan 31, 2013, at 2:28 AM, Tommaso Boccali wrote:
>>
>>> Follow-up Comment #2, sr #135141 (project xrootd):
>>>
>>> ciao, news on that plugin?
>>>
>>> thanks
>>>
>>> tom
>>>
>>> _______________________________________________________
>>>
>>> Reply to this item at:
>>>
>>> <http://savannah.cern.ch/support/?135141>
>>>
>>> _______________________________________________
>>> Message sent via/by LCG Savannah
>>> http://savannah.cern.ch/
>>>
>
>
> --
> +--------------------------------------------------------------------------+
> Gerardo GANIS CERN, PH Dept, SFT group, CH 1211 Geneve 23
> room: 32-RC-006, tel: +41 22 7676439
> email: [log in to unmask], fax: +41 22 7669133
> +--------------------------------------------------------------------------+
>
########################################################################
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1
|