On 2/28/20 1:11 PM, Michal Kamil Simon wrote:
> Hi Adrian,
Hi!
> It's a feature not a bug ;-)
:))
> Now more seriously, if you detach your script from the terminal,
> it wont be prompted to give a password in order to create a
> new proxy cert (it will rather simply fail).
>
> To summarize, we check if stdin/stdout are attach to a terminal:
> https://github.com/xrootd/xrootd/blob/master/src/XrdSecgsi/XrdSecProtocolgsi.cc#L4793-L4796
> and only then we try to generate the proxy cert if it's absent,
> otherwise the client simply fails to authenticate.
ok, got it, but the main problem is that such a request is made!
why would an xrdfs query request a proxy cert?
I would like to deny any kind of proxy cert requests and throw an error
because i would say that if the server request a proxy cert than from
the perspective of ALICE usage, the server is mis-configured... so, i
would like to find out why this is requested and how to eliminate the
need of proxy cert.
Thanks a lot!!
Adrian
>
> Hope that helps.
>
> Cheers,
> Michal
> ________________________________________
> From: [log in to unmask] [[log in to unmask]] on behalf
> of Adrian Sevcenco [[log in to unmask]]
> Sent: 28 February 2020 10:54
> To: [log in to unmask]
> Subject: xrdfs :: request for x509 proxy???
>
> Hi! While doing an stat with xrdfs i encountered this :
>
> 200228 10:55:42 1030664 cryptossl_X509CreateProxy: Your identity:
> /DC=RO/DC=RomanianGRID/O=ISS/CN=Adrian SEVCENCO
> Enter PEM pass phrase:
>
> Why would the xrdfs ask to create proxy?
> Also, this happened when doing cp operation within python ..
>
> While on the issue of required or not i cannot say anything, the fact
> that i get a dialogue instead of a direct failure is a huge bug!!!
> It breaks any script that do automatic tasks or a sequence of tasks
>
> Thanks!
> Adrian
>
>
>
> ########################################################################
> Use REPLY-ALL to reply to list
>
> To unsubscribe from the XROOTD-L list, click the following link:
> https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1
--
----------------------------------------------
Adrian Sevcenco, Ph.D. |
Institute of Space Science - ISS, Romania |
adrian.sevcenco at {cern.ch,spacescience.ro} |
----------------------------------------------
########################################################################
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-L list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1
|