LISTSERV 16.5 - XROOTD-L Archives

    Hi Brian,

    Sorry for the somewhat late reply.
    The problem should now be fixed in the CVS head.
    We can create a new tarball if that is a convenient way for you to 
test the fix.

    Let me know,

    Gerri


Brian Bockelman wrote:
> Hey Gerri,
>
> Any updates on this?
>
> Brian
>
> On Mar 19, 2009, at 12:14 PM, Brian Bockelman wrote:
>
>> Hey Gerardo,
>>
>> Here's the tarball I found from the xrootd homepage
>>
>> xrootd-20080828-1632.src.tgz
>>
>> Brian
>>
>> On Mar 19, 2009, at 12:08 PM, Gerardo Ganis wrote:
>>
>>>
>>>  Hi Brian,
>>>
>>>  I managed to reproduce the problem: the file is read but for some 
>>> reason the cache is not
>>>  really updated (0 entries updated); this sounds like a bug. I will 
>>> try to understand whether
>>>  there is any work around to re-starting the server.
>>>
>>>  By default the client should not cache anything; it does cache  the 
>>> relevant info if you  set
>>>  the env XrdSecPWDAUTOLOG to 1 . You can check the client cache  by 
>>> running
>>>
>>>     xrdpwdadmin -m netrc
>>>
>>>  Cheers, Gerri
>>>
>>>  PS:  what version of XROOTD are you running?
>>>
>>> Brian Bockelman wrote:
>>>> Hey Fabrizio,
>>>>
>>>> I went back with our folks, and we've come up with an acceptable 
>>>> solution (I don't really want to force all our users out there to 
>>>> get a new module!)
>>>>
>>>> Basically, they log into a web interface using the current auth 
>>>> scheme and it generates a one-time password for them.  They are 
>>>> given the one-time password and the first time they use it, they 
>>>> change it.
>>>>
>>>> HOWEVER, it appears that users added with xrdpwdadmin can't 
>>>> effectively use xrootd until the daemon is restarted.
>>>>
>>>> Here's the command I use, for example:
>>>>
>>>> xrdpwdadmin add bbockelmnocern3 -force -dontask
>>>>
>>>> I then take the generated password and try to use it.  The server 
>>>> logs are below.  The user output look like this (gDebug=5, removing 
>>>> un-interesting stuff):
>>>>
>>>> Password for [log in to unmask]:cmsfilemover:
>>>> Info in <TXNetFile::Open>: remote file could not be open
>>>> Info in <TXNetFile::CreateXClient>: remote file could not be open
>>>> Error in <TXNetFile::CreateXClient>: open attempt failed on 
>>>> root:[log in to unmask] 
>>>>
>>>>
>>>> If I then restart the xrootd server, things work.  In fact, after 
>>>> restarting the xrootd server, the client no longer asks me for the 
>>>> temporary password (I assume it saved it to the client's cache?) 
>>>> and just asks me to change the password.
>>>>
>>>> It appears that the xrootd server is claiming in the logs it has 
>>>> reloaded the cached authentication file, but this reloading failed 
>>>> to work.
>>>>
>>>> Brian
>>>>
>>>> First attempt:
>>>>
>>>> 090318 11:39:00 001 XrdInet: Accepted connection from [log in to unmask]
>>>> 090318 11:39:00 20699 XrdSched: running ?:[log in to unmask] inq=0
>>>> 090318 11:39:00 20699 XrdProtocol: matched protocol xrootd
>>>> 090318 11:39:00 20699 ?:[log in to unmask] XrdPoll: FD 27 attached to 
>>>> poller 0; num=1
>>>> 090318 11:39:00 20699 ?:[log in to unmask] XrootdProtocol: 0100 
>>>> req=3007 dlen=0
>>>> 090318 11:39:00 20699 sec_getParms: red.unl.edu 
>>>> sectoken=&P=pwd,v:10100,id:cmsfilemover,c:ssl
>>>> 090318 11:39:00 20699 bbockelmn.4519:[log in to unmask] XrootdResponse: 
>>>> 0100 sending 52 data bytes; status=0
>>>> 090318 11:39:00 20699 bbockelmn.4519:[log in to unmask] XrootdProtocol: 
>>>> 0100 req=3000 dlen=254
>>>> 090318 11:39:00 20699 secpwd_XrdSecProtocolpwd: constructing: host: 
>>>> red.unl.edu
>>>> 090318 11:39:00 20699 secpwd_XrdSecProtocolpwd: p: pwd, plen: 4
>>>> 090318 11:39:00 20699 secpwd_XrdSecProtocolpwd: mode: server
>>>> 090318 11:39:00 20699 secpwd_XrdSecProtocolpwd: object created: v..
>>>> 090318 11:39:00 20699 secpwd_Authenticate: handshaking ID: 
>>>> bbockelmn.4519:[log in to unmask]
>>>> 090318 11:39:00 20699 secpwd_ParseCrypto: parsing list: ssl
>>>> 090318 11:39:00 20699 crypto_Factory::GetCryptoFactory: ssl crypto 
>>>> factory object already loaded (0x7f7faf664960)
>>>> 090318 11:39:00 20699 secpwd_Authenticate: version run by client: 
>>>> 10100
>>>> 090318 11:39:00 20699 secpwd_CheckRtag: Nothing to check
>>>> 090318 11:39:00 20699 secpwd_CheckTimeStamp: Nothing to do
>>>> 090318 11:39:00 20699 sut_Rndm::GetString: enter: len: 8 (type: Crypt)
>>>> 090318 11:39:00 20699 sut_Rndm::GetString: got: V9JGOZzx
>>>> 090318 11:39:00 20699 bbockelmn.4519:[log in to unmask] XrootdProtocol: 
>>>> 0100 more auth requested; sz=103
>>>> 090318 11:39:00 20699 bbockelmn.4519:[log in to unmask] XrootdResponse: 
>>>> 0100 sending 103 data bytes; status=4002
>>>> 090318 11:39:03 20699 bbockelmn.4519:[log in to unmask] XrootdProtocol: 
>>>> 0100 request timeout; read 0 of 24 bytes
>>>> 090318 11:39:03 20699 XrdPoll: Poller 0 enabled 
>>>> bbockelmn.4519:[log in to unmask]
>>>> 090318 11:39:11 20699 XrdSched: running 
>>>> bbockelmn.4519:[log in to unmask] inq=0
>>>> 090318 11:39:11 20699 bbockelmn.4519:[log in to unmask] XrootdProtocol: 
>>>> 0100 req=3000 dlen=167
>>>> 090318 11:39:11 20699 secpwd_Authenticate: handshaking ID: 
>>>> bbockelmn.4519:[log in to unmask]
>>>> 090318 11:39:11 20699 secpwd_ParseCrypto: parsing list: ssl
>>>> 090318 11:39:11 20699 crypto_Factory::GetCryptoFactory: ssl crypto 
>>>> factory object already loaded (0x7f7faf664960)
>>>> 090318 11:39:11 20699 secpwd_Authenticate: version run by client: 
>>>> 10100
>>>> 090318 11:39:11 20699 secpwd_CheckRtag: Random tag successfully 
>>>> checked
>>>> 090318 11:39:11 20699 secpwd_CheckTimeStamp: Nothing to do
>>>> 090318 11:39:11 20699 secpwd_QueryUser: Enter: bbockelmnocern3
>>>> 090318 11:39:11 20699 sut_Cache::Rehash: Hash table updated (found 
>>>> 11 active entries)
>>>> 090318 11:39:11 20699 sut_Cache::Refresh: Cache refreshed from file 
>>>> /uscms/home/bbockelm/.xrd/pwdadmin (0 entries updated)
>>>> 090318 11:39:11 20699 secpwd_ErrF: Secpwd: wrong credentials: : 
>>>> user : bbockelmnocern3: kXPC_normal
>>>> 090318 11:39:11 20699 XrootdXeq: User authentication failed; 
>>>> Secpwd: wrong credentials: : user : bbockelmnocern3: kXPC_normal
>>>> 090318 11:39:11 20699 bbockelmn.4519:[log in to unmask] XrootdResponse: 
>>>> 0100 sending err 3010: Secpwd: wrong credentials: : user : 
>>>> bbockelmnocern3: kXPC_normal
>>>> 090318 11:39:11 20699 bbockelmn.4519:[log in to unmask] XrootdProtocol: 
>>>> 0100 req=3010 dlen=136
>>>> 090318 11:39:11 20699 bbockelmn.4519:[log in to unmask] XrootdResponse: 
>>>> 0100 sending err 3006: Invalid request; user not authenticated
>>>> 090318 11:39:11 20699 XrootdXeq: bbockelmn.4519:[log in to unmask] disc 
>>>> 0:00:11
>>>> 090318 11:39:11 20699 bbockelmn.4519:[log in to unmask] XrdPoll: FD 27 
>>>> detached from poller 0; num=0
>>>>
>>>> Second attempt:
>>>>
>>>> 090318 11:40:59 001 XrdInet: Accepted connection from [log in to unmask]
>>>> 090318 11:40:59 20753 XrdSched: running ?:[log in to unmask] inq=0
>>>> 090318 11:40:59 20753 XrdProtocol: matched protocol xrootd
>>>> 090318 11:40:59 20753 ?:[log in to unmask] XrdPoll: FD 26 attached to 
>>>> poller 0; num=1
>>>> 090318 11:40:59 20753 ?:[log in to unmask] XrootdProtocol: 0100 
>>>> req=3007 dlen=0
>>>> 090318 11:40:59 20753 sec_getParms: red.unl.edu 
>>>> sectoken=&P=pwd,v:10100,id:cmsfilemover,c:ssl
>>>> 090318 11:40:59 20753 bbockelmn.2466:[log in to unmask] XrootdResponse: 
>>>> 0100 sending 52 data bytes; status=0
>>>> 090318 11:40:59 20753 bbockelmn.2466:[log in to unmask] XrootdProtocol: 
>>>> 0100 req=3000 dlen=254
>>>> 090318 11:40:59 20753 secpwd_XrdSecProtocolpwd: constructing: host: 
>>>> red.unl.edu
>>>> 090318 11:40:59 20753 secpwd_XrdSecProtocolpwd: p: pwd, plen: 4
>>>> 090318 11:40:59 20753 secpwd_XrdSecProtocolpwd: mode: server
>>>> 090318 11:40:59 20753 secpwd_XrdSecProtocolpwd: object created: v..
>>>> 090318 11:40:59 20753 secpwd_Authenticate: handshaking ID: 
>>>> bbockelmn.2466:[log in to unmask]
>>>> 090318 11:40:59 20753 secpwd_ParseCrypto: parsing list: ssl
>>>> 090318 11:40:59 20753 crypto_Factory::GetCryptoFactory: ssl crypto 
>>>> factory object already loaded (0x7fe2fb8a8960)
>>>> 090318 11:40:59 20753 secpwd_Authenticate: version run by client: 
>>>> 10100
>>>> 090318 11:40:59 20753 secpwd_CheckRtag: Nothing to check
>>>> 090318 11:40:59 20753 secpwd_CheckTimeStamp: Nothing to do
>>>> 090318 11:40:59 20753 sut_Rndm::GetString: enter: len: 8 (type: Crypt)
>>>> 090318 11:40:59 20753 sut_Rndm::Init: taking seed from /dev/urandom
>>>> 090318 11:40:59 20753 sut_Rndm::GetString: got: .8lrX3bS
>>>> 090318 11:40:59 20753 bbockelmn.2466:[log in to unmask] XrootdProtocol: 
>>>> 0100 more auth requested; sz=103
>>>> 090318 11:40:59 20753 bbockelmn.2466:[log in to unmask] XrootdResponse: 
>>>> 0100 sending 103 data bytes; status=4002
>>>> 090318 11:40:59 20753 bbockelmn.2466:[log in to unmask] XrootdProtocol: 
>>>> 0100 req=3000 dlen=167
>>>> 090318 11:40:59 20753 secpwd_Authenticate: handshaking ID: 
>>>> bbockelmn.2466:[log in to unmask]
>>>> 090318 11:40:59 20753 secpwd_ParseCrypto: parsing list: ssl
>>>> 090318 11:40:59 20753 crypto_Factory::GetCryptoFactory: ssl crypto 
>>>> factory object already loaded (0x7fe2fb8a8960)
>>>> 090318 11:40:59 20753 secpwd_Authenticate: version run by client: 
>>>> 10100
>>>> 090318 11:40:59 20753 secpwd_CheckRtag: Random tag successfully 
>>>> checked
>>>> 090318 11:40:59 20753 secpwd_CheckTimeStamp: Nothing to do
>>>> 090318 11:40:59 20753 secpwd_QueryUser: Enter: bbockelmnocern3
>>>> 090318 11:40:59 20753 sut_Cache::Refresh: cached information for 
>>>> file /uscms/home/bbockelm/.xrd/pwdadmin is up-to-date
>>>> 090318 11:41:00 20753 secpwd_ExportCreds: File (template) undefined 
>>>> - do nothing
>>>> 090318 11:41:00 20753 secpwd_Authenticate: WARNING: some problem 
>>>> exporting creds to file; template is :
>>>> 090318 11:41:00 20753 sut_Rndm::GetString: enter: len: 8 (type: Crypt)
>>>> 090318 11:41:00 20753 sut_Rndm::GetString: got: 8SVtIe9a
>>>> 090318 11:41:00 20753 bbockelmn.2466:[log in to unmask] XrootdProtocol: 
>>>> 0100 more auth requested; sz=127
>>>> 090318 11:41:00 20753 bbockelmn.2466:[log in to unmask] XrootdResponse: 
>>>> 0100 sending 127 data bytes; status=4002
>>>> 090318 11:41:03 20753 bbockelmn.2466:[log in to unmask] XrootdProtocol: 
>>>> 0100 request timeout; read 0 of 24 bytes
>>>> 090318 11:41:03 20753 XrdPoll: Poller 0 enabled 
>>>> bbockelmn.2466:[log in to unmask]
>>>> 090318 11:41:19 20753 XrdSched: running 
>>>> bbockelmn.2466:[log in to unmask] inq=0
>>>> 090318 11:41:19 20753 bbockelmn.2466:[log in to unmask] XrootdProtocol: 
>>>> 0100 req=3000 dlen=143
>>>> 090318 11:41:19 20753 secpwd_Authenticate: handshaking ID: 
>>>> bbockelmn.2466:[log in to unmask]
>>>> 090318 11:41:19 20753 secpwd_ParseCrypto: parsing list: ssl
>>>> 090318 11:41:19 20753 crypto_Factory::GetCryptoFactory: ssl crypto 
>>>> factory object already loaded (0x7fe2fb8a8960)
>>>> 090318 11:41:19 20753 secpwd_Authenticate: version run by client: 
>>>> 10100
>>>> 090318 11:41:19 20753 secpwd_CheckRtag: Random tag successfully 
>>>> checked
>>>> 090318 11:41:19 20753 secpwd_CheckTimeStamp: Nothing to do
>>>> 090318 11:41:19 20753 sut_Rndm::GetBuffer: enter: len: 8
>>>> 090318 11:41:19 20753 secpwd_SaveCreds: Entry for tag: 
>>>> bbockelmnocern3_1 updated in cache
>>>> 090318 11:41:19 20753 sut_Cache::Flush: Cache flushed to file 
>>>> /uscms/home/bbockelm/.xrd/pwdadmin (1 entries updated / written)
>>>> 090318 11:41:19 20753 bbockelmn.2466:[log in to unmask] XrootdResponse: 
>>>> 0100 sending OK
>>>> 090318 11:41:19 20753 XrootdXeq: bbockelmn.2466:[log in to unmask] 
>>>> login as bbockelmnocern3
>>>> 090318 11:41:19 20753 bbockelmn.2466:[log in to unmask] XrootdProtocol: 
>>>> 0100 req=3010 dlen=136
>>>> 090318 11:41:19 20753 bbockelmn.2466:[log in to unmask] XrootdProtocol: 
>>>> 0100 open rt 
>>>> /cmsfs/lfns/store/relval/CMSSW_2_2_1/RelValTTbar/GEN-SIM-RECO/STARTUP_V7_LowLumiPileUp_v1/0004/EC41ED67-E5C6-DD11-97A2-000423D9989E.root 
>>>>
>>>>
>>>> On Mar 10, 2009, at 9:26 AM, Fabrizio Furano wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I guess that this needs a new XrdSec plugin to be written. 
>>>>> Probably the secunix one could be a good starting point.
>>>>>
>>>>> Fabrizio
>>>>>
>>>>>
>>>>> Brian Bockelman ha scritto:
>>>>>> Hey Xrootd folks (hope I ended up on the right list),
>>>>>> I'd like to hook xrootd into our local-site authentication 
>>>>>> methods.  We currently keep all our user/passwords in a htpasswd 
>>>>>> file, as generated by apache.  What's the best way to have the 
>>>>>> server read the data from that file and use it for authentication?
>>>>>> Brian
>>>>
>>>
>>>
>>> -- 
>>> +--------------------------------------------------------------------------+ 
>>>
>>> Gerardo GANIS    PH Department, CERN
>>>      address    CERN, CH 1211 Geneve 23                    room: 
>>> 32-RC-017, tel / fax: +412276 76439 / 69133
>>>       e-mail    [log in to unmask]
>>> +--------------------------------------------------------------------------+ 
>>>
>>
>


-- 
+--------------------------------------------------------------------------+
  Gerardo GANIS    PH Department, CERN
        address    CERN, CH 1211 Geneve 23  
                   room: 32-RC-017, tel / fax: +412276 76439 / 69133
         e-mail    [log in to unmask]
+--------------------------------------------------------------------------+