Hi Brian,

Sorry for the somewhat late reply.
The problem should now be fixed in the CVS head.
We can create a new tarball if that is a convenient way for you to test the fix.

Let me know, Gerri

Brian Bockelman wrote:
> Hey Gerri,
>
> Any updates on this?
>
> Brian
>
> On Mar 19, 2009, at 12:14 PM, Brian Bockelman wrote:
>
>> Hey Gerardo,
>>
>> Here's the tarball I found from the xrootd homepage
>>
>> xrootd-20080828-1632.src.tgz
>>
>> Brian
>>
>> On Mar 19, 2009, at 12:08 PM, Gerardo Ganis wrote:
>>
>>>
>>> Hi Brian,
>>>
>>> I managed to reproduce the problem: the file is read but for some
>>> reason the cache is not really updated (0 entries updated); this
>>> sounds like a bug. I will try to understand whether there is any
>>> workaround to re-starting the server.
>>>
>>> By default the client should not cache anything; it does cache the
>>> relevant info if you set the env XrdSecPWDAUTOLOG to 1. You can
>>> check the client cache by running
>>>
>>> xrdpwdadmin -m netrc
>>>
>>> Cheers, Gerri
>>>
>>> PS: what version of XROOTD are you running?
>>>
>>> Brian Bockelman wrote:
>>>> Hey Fabrizio,
>>>>
>>>> I went back with our folks, and we've come up with an acceptable
>>>> solution (I don't really want to force all our users out there to
>>>> get a new module!)
>>>>
>>>> Basically, they log into a web interface using the current auth
>>>> scheme and it generates a one-time password for them. They are
>>>> given the one-time password and the first time they use it, they
>>>> change it.
>>>>
>>>> HOWEVER, it appears that users added with xrdpwdadmin can't
>>>> effectively use xrootd until the daemon is restarted.
>>>>
>>>> Here's the command I use, for example:
>>>>
>>>> xrdpwdadmin add bbockelmnocern3 -force -dontask
>>>>
>>>> I then take the generated password and try to use it. The server
>>>> logs are below.
>>>> The user output looks like this (gDebug=5, removing
>>>> uninteresting stuff):
>>>>
>>>> Password for [log in to unmask]:cmsfilemover:
>>>> Info in <TXNetFile::Open>: remote file could not be open
>>>> Info in <TXNetFile::CreateXClient>: remote file could not be open
>>>> Error in <TXNetFile::CreateXClient>: open attempt failed on root:[log in to unmask]
>>>>
>>>>
>>>> If I then restart the xrootd server, things work. In fact, after
>>>> restarting the xrootd server, the client no longer asks me for the
>>>> temporary password (I assume it saved it to the client's cache?)
>>>> and just asks me to change the password.
>>>>
>>>> It appears that the xrootd server is claiming in the logs it has
>>>> reloaded the cached authentication file, but this reloading failed
>>>> to work.
>>>>
>>>> Brian
>>>>
>>>> First attempt:
>>>>
>>>> 090318 11:39:00 001 XrdInet: Accepted connection from [log in to unmask]
>>>> 090318 11:39:00 20699 XrdSched: running ?:[log in to unmask] inq=0
>>>> 090318 11:39:00 20699 XrdProtocol: matched protocol xrootd
>>>> 090318 11:39:00 20699 ?:[log in to unmask] XrdPoll: FD 27 attached to poller 0; num=1
>>>> 090318 11:39:00 20699 ?:[log in to unmask] XrootdProtocol: 0100 req=3007 dlen=0
>>>> 090318 11:39:00 20699 sec_getParms: red.unl.edu sectoken=&P=pwd,v:10100,id:cmsfilemover,c:ssl
>>>> 090318 11:39:00 20699 bbockelmn.4519:[log in to unmask] XrootdResponse: 0100 sending 52 data bytes; status=0
>>>> 090318 11:39:00 20699 bbockelmn.4519:[log in to unmask] XrootdProtocol: 0100 req=3000 dlen=254
>>>> 090318 11:39:00 20699 secpwd_XrdSecProtocolpwd: constructing: host: red.unl.edu
>>>> 090318 11:39:00 20699 secpwd_XrdSecProtocolpwd: p: pwd, plen: 4
>>>> 090318 11:39:00 20699 secpwd_XrdSecProtocolpwd: mode: server
>>>> 090318 11:39:00 20699 secpwd_XrdSecProtocolpwd: object created: v..
>>>> 090318 11:39:00 20699 secpwd_Authenticate: handshaking ID: bbockelmn.4519:[log in to unmask]
>>>> 090318 11:39:00 20699 secpwd_ParseCrypto: parsing list: ssl
>>>> 090318 11:39:00 20699 crypto_Factory::GetCryptoFactory: ssl crypto factory object already loaded (0x7f7faf664960)
>>>> 090318 11:39:00 20699 secpwd_Authenticate: version run by client: 10100
>>>> 090318 11:39:00 20699 secpwd_CheckRtag: Nothing to check
>>>> 090318 11:39:00 20699 secpwd_CheckTimeStamp: Nothing to do
>>>> 090318 11:39:00 20699 sut_Rndm::GetString: enter: len: 8 (type: Crypt)
>>>> 090318 11:39:00 20699 sut_Rndm::GetString: got: V9JGOZzx
>>>> 090318 11:39:00 20699 bbockelmn.4519:[log in to unmask] XrootdProtocol: 0100 more auth requested; sz=103
>>>> 090318 11:39:00 20699 bbockelmn.4519:[log in to unmask] XrootdResponse: 0100 sending 103 data bytes; status=4002
>>>> 090318 11:39:03 20699 bbockelmn.4519:[log in to unmask] XrootdProtocol: 0100 request timeout; read 0 of 24 bytes
>>>> 090318 11:39:03 20699 XrdPoll: Poller 0 enabled bbockelmn.4519:[log in to unmask]
>>>> 090318 11:39:11 20699 XrdSched: running bbockelmn.4519:[log in to unmask] inq=0
>>>> 090318 11:39:11 20699 bbockelmn.4519:[log in to unmask] XrootdProtocol: 0100 req=3000 dlen=167
>>>> 090318 11:39:11 20699 secpwd_Authenticate: handshaking ID: bbockelmn.4519:[log in to unmask]
>>>> 090318 11:39:11 20699 secpwd_ParseCrypto: parsing list: ssl
>>>> 090318 11:39:11 20699 crypto_Factory::GetCryptoFactory: ssl crypto factory object already loaded (0x7f7faf664960)
>>>> 090318 11:39:11 20699 secpwd_Authenticate: version run by client: 10100
>>>> 090318 11:39:11 20699 secpwd_CheckRtag: Random tag successfully checked
>>>> 090318 11:39:11 20699 secpwd_CheckTimeStamp: Nothing to do
>>>> 090318 11:39:11 20699 secpwd_QueryUser: Enter: bbockelmnocern3
>>>> 090318 11:39:11 20699 sut_Cache::Rehash: Hash table updated (found 11 active entries)
>>>> 090318 11:39:11 20699 sut_Cache::Refresh: Cache refreshed from file /uscms/home/bbockelm/.xrd/pwdadmin (0 entries updated)
>>>> 090318 11:39:11 20699 secpwd_ErrF: Secpwd: wrong credentials: : user : bbockelmnocern3: kXPC_normal
>>>> 090318 11:39:11 20699 XrootdXeq: User authentication failed; Secpwd: wrong credentials: : user : bbockelmnocern3: kXPC_normal
>>>> 090318 11:39:11 20699 bbockelmn.4519:[log in to unmask] XrootdResponse: 0100 sending err 3010: Secpwd: wrong credentials: : user : bbockelmnocern3: kXPC_normal
>>>> 090318 11:39:11 20699 bbockelmn.4519:[log in to unmask] XrootdProtocol: 0100 req=3010 dlen=136
>>>> 090318 11:39:11 20699 bbockelmn.4519:[log in to unmask] XrootdResponse: 0100 sending err 3006: Invalid request; user not authenticated
>>>> 090318 11:39:11 20699 XrootdXeq: bbockelmn.4519:[log in to unmask] disc 0:00:11
>>>> 090318 11:39:11 20699 bbockelmn.4519:[log in to unmask] XrdPoll: FD 27 detached from poller 0; num=0
>>>>
>>>> Second attempt:
>>>>
>>>> 090318 11:40:59 001 XrdInet: Accepted connection from [log in to unmask]
>>>> 090318 11:40:59 20753 XrdSched: running ?:[log in to unmask] inq=0
>>>> 090318 11:40:59 20753 XrdProtocol: matched protocol xrootd
>>>> 090318 11:40:59 20753 ?:[log in to unmask] XrdPoll: FD 26 attached to poller 0; num=1
>>>> 090318 11:40:59 20753 ?:[log in to unmask] XrootdProtocol: 0100 req=3007 dlen=0
>>>> 090318 11:40:59 20753 sec_getParms: red.unl.edu sectoken=&P=pwd,v:10100,id:cmsfilemover,c:ssl
>>>> 090318 11:40:59 20753 bbockelmn.2466:[log in to unmask] XrootdResponse: 0100 sending 52 data bytes; status=0
>>>> 090318 11:40:59 20753 bbockelmn.2466:[log in to unmask] XrootdProtocol: 0100 req=3000 dlen=254
>>>> 090318 11:40:59 20753 secpwd_XrdSecProtocolpwd: constructing: host: red.unl.edu
>>>> 090318 11:40:59 20753 secpwd_XrdSecProtocolpwd: p: pwd, plen: 4
>>>> 090318 11:40:59 20753 secpwd_XrdSecProtocolpwd: mode: server
>>>> 090318 11:40:59 20753 secpwd_XrdSecProtocolpwd: object created: v..
>>>> 090318 11:40:59 20753 secpwd_Authenticate: handshaking ID: bbockelmn.2466:[log in to unmask]
>>>> 090318 11:40:59 20753 secpwd_ParseCrypto: parsing list: ssl
>>>> 090318 11:40:59 20753 crypto_Factory::GetCryptoFactory: ssl crypto factory object already loaded (0x7fe2fb8a8960)
>>>> 090318 11:40:59 20753 secpwd_Authenticate: version run by client: 10100
>>>> 090318 11:40:59 20753 secpwd_CheckRtag: Nothing to check
>>>> 090318 11:40:59 20753 secpwd_CheckTimeStamp: Nothing to do
>>>> 090318 11:40:59 20753 sut_Rndm::GetString: enter: len: 8 (type: Crypt)
>>>> 090318 11:40:59 20753 sut_Rndm::Init: taking seed from /dev/urandom
>>>> 090318 11:40:59 20753 sut_Rndm::GetString: got: .8lrX3bS
>>>> 090318 11:40:59 20753 bbockelmn.2466:[log in to unmask] XrootdProtocol: 0100 more auth requested; sz=103
>>>> 090318 11:40:59 20753 bbockelmn.2466:[log in to unmask] XrootdResponse: 0100 sending 103 data bytes; status=4002
>>>> 090318 11:40:59 20753 bbockelmn.2466:[log in to unmask] XrootdProtocol: 0100 req=3000 dlen=167
>>>> 090318 11:40:59 20753 secpwd_Authenticate: handshaking ID: bbockelmn.2466:[log in to unmask]
>>>> 090318 11:40:59 20753 secpwd_ParseCrypto: parsing list: ssl
>>>> 090318 11:40:59 20753 crypto_Factory::GetCryptoFactory: ssl crypto factory object already loaded (0x7fe2fb8a8960)
>>>> 090318 11:40:59 20753 secpwd_Authenticate: version run by client: 10100
>>>> 090318 11:40:59 20753 secpwd_CheckRtag: Random tag successfully checked
>>>> 090318 11:40:59 20753 secpwd_CheckTimeStamp: Nothing to do
>>>> 090318 11:40:59 20753 secpwd_QueryUser: Enter: bbockelmnocern3
>>>> 090318 11:40:59 20753 sut_Cache::Refresh: cached information for file /uscms/home/bbockelm/.xrd/pwdadmin is up-to-date
>>>> 090318 11:41:00 20753 secpwd_ExportCreds: File (template) undefined - do nothing
>>>> 090318 11:41:00 20753 secpwd_Authenticate: WARNING: some problem exporting creds to file; template is :
>>>> 090318 11:41:00 20753 sut_Rndm::GetString: enter: len: 8 (type: Crypt)
>>>> 090318 11:41:00 20753 sut_Rndm::GetString: got: 8SVtIe9a
>>>> 090318 11:41:00 20753 bbockelmn.2466:[log in to unmask] XrootdProtocol: 0100 more auth requested; sz=127
>>>> 090318 11:41:00 20753 bbockelmn.2466:[log in to unmask] XrootdResponse: 0100 sending 127 data bytes; status=4002
>>>> 090318 11:41:03 20753 bbockelmn.2466:[log in to unmask] XrootdProtocol: 0100 request timeout; read 0 of 24 bytes
>>>> 090318 11:41:03 20753 XrdPoll: Poller 0 enabled bbockelmn.2466:[log in to unmask]
>>>> 090318 11:41:19 20753 XrdSched: running bbockelmn.2466:[log in to unmask] inq=0
>>>> 090318 11:41:19 20753 bbockelmn.2466:[log in to unmask] XrootdProtocol: 0100 req=3000 dlen=143
>>>> 090318 11:41:19 20753 secpwd_Authenticate: handshaking ID: bbockelmn.2466:[log in to unmask]
>>>> 090318 11:41:19 20753 secpwd_ParseCrypto: parsing list: ssl
>>>> 090318 11:41:19 20753 crypto_Factory::GetCryptoFactory: ssl crypto factory object already loaded (0x7fe2fb8a8960)
>>>> 090318 11:41:19 20753 secpwd_Authenticate: version run by client: 10100
>>>> 090318 11:41:19 20753 secpwd_CheckRtag: Random tag successfully checked
>>>> 090318 11:41:19 20753 secpwd_CheckTimeStamp: Nothing to do
>>>> 090318 11:41:19 20753 sut_Rndm::GetBuffer: enter: len: 8
>>>> 090318 11:41:19 20753 secpwd_SaveCreds: Entry for tag: bbockelmnocern3_1 updated in cache
>>>> 090318 11:41:19 20753 sut_Cache::Flush: Cache flushed to file /uscms/home/bbockelm/.xrd/pwdadmin (1 entries updated / written)
>>>> 090318 11:41:19 20753 bbockelmn.2466:[log in to unmask] XrootdResponse: 0100 sending OK
>>>> 090318 11:41:19 20753 XrootdXeq: bbockelmn.2466:[log in to unmask] login as bbockelmnocern3
>>>> 090318 11:41:19 20753 bbockelmn.2466:[log in to unmask] XrootdProtocol: 0100 req=3010 dlen=136
>>>> 090318 11:41:19 20753 bbockelmn.2466:[log in to unmask] XrootdProtocol: 0100 open rt /cmsfs/lfns/store/relval/CMSSW_2_2_1/RelValTTbar/GEN-SIM-RECO/STARTUP_V7_LowLumiPileUp_v1/0004/EC41ED67-E5C6-DD11-97A2-000423D9989E.root
>>>>
>>>>
>>>> On Mar 10, 2009, at 9:26 AM, Fabrizio Furano wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I guess that this needs a new XrdSec plugin to be written.
>>>>> Probably the secunix one could be a good starting point.
>>>>>
>>>>> Fabrizio
>>>>>
>>>>>
>>>>> Brian Bockelman wrote:
>>>>>> Hey Xrootd folks (hope I ended up on the right list),
>>>>>> I'd like to hook xrootd into our local-site authentication
>>>>>> methods. We currently keep all our user/passwords in a htpasswd
>>>>>> file, as generated by apache. What's the best way to have the
>>>>>> server read the data from that file and use it for authentication?
>>>>>> Brian
>>>>
>>>
>>>
>>> --
>>> +--------------------------------------------------------------------------+
>>>
>>> Gerardo GANIS PH Department, CERN
>>> address CERN, CH 1211 Geneve 23 room:
>>> 32-RC-017, tel / fax: +412276 76439 / 69133
>>> e-mail [log in to unmask]
>>> +--------------------------------------------------------------------------+
>>>
>>
>

--
+--------------------------------------------------------------------------+
Gerardo GANIS PH Department, CERN
address CERN, CH 1211 Geneve 23 room: 32-RC-017, tel / fax: +412276 76439 / 69133
e-mail [log in to unmask]
+--------------------------------------------------------------------------+
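
Added example (not part of the thread and not xrootd project code): a search for the failure signature visible in the first attempt's log, where a password-file refresh reports 0 entries updated and the same user is then rejected with wrong credentials. The function name is hypothetical, and treating the numeric field after the timestamp as the id of the worker handling the connection is an assumption drawn from the quoted log.

```python
import re

# Entries copied from the two attempts quoted in the thread
# (trimmed to the relevant ones, wrapped lines rejoined).
SAMPLE_LOG = """\
090318 11:39:11 20699 secpwd_QueryUser: Enter: bbockelmnocern3
090318 11:39:11 20699 sut_Cache::Rehash: Hash table updated (found 11 active entries)
090318 11:39:11 20699 sut_Cache::Refresh: Cache refreshed from file /uscms/home/bbockelm/.xrd/pwdadmin (0 entries updated)
090318 11:39:11 20699 secpwd_ErrF: Secpwd: wrong credentials: : user : bbockelmnocern3: kXPC_normal
090318 11:40:59 20753 secpwd_QueryUser: Enter: bbockelmnocern3
090318 11:40:59 20753 sut_Cache::Refresh: cached information for file /uscms/home/bbockelm/.xrd/pwdadmin is up-to-date
090318 11:41:19 20753 XrootdXeq: bbockelmn.2466:[log in to unmask] login as bbockelmnocern3
"""

ENTRY = re.compile(r"^(\d{6} \d\d:\d\d:\d\d) (\d+) (.*)$")
QUERY = re.compile(r"secpwd_QueryUser: Enter: (\S+)")
REFRESH = re.compile(
    r"sut_Cache::Refresh: Cache refreshed from file (\S+) \((\d+) entries updated\)")
FAILED = re.compile(r"secpwd_ErrF: Secpwd: wrong credentials: : user : (\S+):")


def find_stale_cache_failures(log_text):
    """Return one finding per login rejected right after the password
    file was re-read with 0 entries updated (the symptom in the thread)."""
    state = {}      # worker id -> user being looked up and last refresh seen
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue                      # skip wrapped or foreign lines
        when, worker, msg = m.groups()
        if q := QUERY.search(msg):
            state[worker] = {"user": q.group(1), "refresh": None}
        elif (r := REFRESH.search(msg)) and worker in state:
            state[worker]["refresh"] = (r.group(1), int(r.group(2)))
        elif (f := FAILED.search(msg)) and worker in state:
            cur = state.pop(worker)
            refresh = cur["refresh"]
            # A refresh that did update entries points to a plain bad password.
            if cur["user"] == f.group(1) and refresh and refresh[1] == 0:
                findings.append({"time": when, "worker": worker,
                                 "user": cur["user"], "file": refresh[0]})
    return findings


if __name__ == "__main__":
    for hit in find_stale_cache_failures(SAMPLE_LOG):
        print("{time} worker {worker}: {user} rejected after {file} "
              "was re-read with 0 updates".format(**hit))
```

Only the first attempt is reported; the second, where the cache was already up to date and the login succeeded, is not.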