Yup, a tarball would be more convenient for me - I have only used tarballs from the website up to this point.

Brian

On Apr 9, 2009, at 2:42 AM, Gerardo Ganis wrote:

>
> Hi Brian,
>
> Sorry for the somewhat late reply.
> The problem should now be fixed in the CVS head.
> We can create a new tarball if that is a convenient way for you to
> test the fix.
>
> Let me know,
>
> Gerri
>
>
> Brian Bockelman wrote:
>> Hey Gerri,
>>
>> Any updates on this?
>>
>> Brian
>>
>> On Mar 19, 2009, at 12:14 PM, Brian Bockelman wrote:
>>
>>> Hey Gerardo,
>>>
>>> Here's the tarball I found from the xrootd homepage
>>>
>>> xrootd-20080828-1632.src.tgz
>>>
>>> Brian
>>>
>>> On Mar 19, 2009, at 12:08 PM, Gerardo Ganis wrote:
>>>
>>>>
>>>> Hi Brian,
>>>>
>>>> I managed to reproduce the problem: the file is read but for some
>>>> reason the cache is not really updated (0 entries updated); this
>>>> sounds like a bug. I will try to understand whether there is any
>>>> work around to re-starting the server.
>>>>
>>>> By default the client should not cache anything; it does cache
>>>> the relevant info if you set the env XrdSecPWDAUTOLOG to 1. You
>>>> can check the client cache by running
>>>>
>>>> xrdpwdadmin -m netrc
>>>>
>>>> Cheers, Gerri
>>>>
>>>> PS: what version of XROOTD are you running?
>>>>
>>>> Brian Bockelman wrote:
>>>>> Hey Fabrizio,
>>>>>
>>>>> I went back with our folks, and we've come up with an acceptable
>>>>> solution (I don't really want to force all our users out there
>>>>> to get a new module!)
>>>>>
>>>>> Basically, they log into a web interface using the current auth
>>>>> scheme and it generates a one-time password for them. They are
>>>>> given the one-time password and the first time they use it, they
>>>>> change it.
>>>>>
>>>>> HOWEVER, it appears that users added with xrdpwdadmin can't
>>>>> effectively use xrootd until the daemon is restarted.
>>>>>
>>>>> Here's the command I use, for example:
>>>>>
>>>>> xrdpwdadmin add bbockelmnocern3 -force -dontask
>>>>>
>>>>> I then take the generated password and try to use it. The
>>>>> server logs are below. The user output looks like this
>>>>> (gDebug=5, removing un-interesting stuff):
>>>>>
>>>>> Password for [log in to unmask]:cmsfilemover:
>>>>> Info in <TXNetFile::Open>: remote file could not be open
>>>>> Info in <TXNetFile::CreateXClient>: remote file could not be open
>>>>> Error in <TXNetFile::CreateXClient>: open attempt failed on root:[log in to unmask] //cmsfs/lfns/store/relval/CMSSW_2_2_1/RelValTTbar/GEN-SIM-RECO/STARTUP_V7_LowLumiPileUp_v1/0004/EC41ED67-E5C6-DD11-97A2-000423D9989E.root
>>>>>
>>>>> If I then restart the xrootd server, things work. In fact,
>>>>> after restarting the xrootd server, the client no longer asks me
>>>>> for the temporary password (I assume it saved it to the client's
>>>>> cache?) and just asks me to change the password.
>>>>>
>>>>> It appears that the xrootd server is claiming in the logs it has
>>>>> reloaded the cached authentication file, but this reloading
>>>>> failed to work.
>>>>>
>>>>> Brian
>>>>>
>>>>> First attempt:
>>>>>
>>>>> 090318 11:39:00 001 XrdInet: Accepted connection from [log in to unmask]
>>>>> 090318 11:39:00 20699 XrdSched: running ?:[log in to unmask] inq=0
>>>>> 090318 11:39:00 20699 XrdProtocol: matched protocol xrootd
>>>>> 090318 11:39:00 20699 ?:[log in to unmask] XrdPoll: FD 27 attached to poller 0; num=1
>>>>> 090318 11:39:00 20699 ?:[log in to unmask] XrootdProtocol: 0100 req=3007 dlen=0
>>>>> 090318 11:39:00 20699 sec_getParms: red.unl.edu sectoken=&P=pwd,v:10100,id:cmsfilemover,c:ssl
>>>>> 090318 11:39:00 20699 bbockelmn.4519:[log in to unmask] XrootdResponse: 0100 sending 52 data bytes; status=0
>>>>> 090318 11:39:00 20699 bbockelmn.4519:[log in to unmask] XrootdProtocol: 0100 req=3000 dlen=254
>>>>> 090318 11:39:00 20699 secpwd_XrdSecProtocolpwd: constructing: host: red.unl.edu
>>>>> 090318 11:39:00 20699 secpwd_XrdSecProtocolpwd: p: pwd, plen: 4
>>>>> 090318 11:39:00 20699 secpwd_XrdSecProtocolpwd: mode: server
>>>>> 090318 11:39:00 20699 secpwd_XrdSecProtocolpwd: object created: v..
>>>>> 090318 11:39:00 20699 secpwd_Authenticate: handshaking ID: bbockelmn.4519:[log in to unmask]
>>>>> 090318 11:39:00 20699 secpwd_ParseCrypto: parsing list: ssl
>>>>> 090318 11:39:00 20699 crypto_Factory::GetCryptoFactory: ssl crypto factory object already loaded (0x7f7faf664960)
>>>>> 090318 11:39:00 20699 secpwd_Authenticate: version run by client: 10100
>>>>> 090318 11:39:00 20699 secpwd_CheckRtag: Nothing to check
>>>>> 090318 11:39:00 20699 secpwd_CheckTimeStamp: Nothing to do
>>>>> 090318 11:39:00 20699 sut_Rndm::GetString: enter: len: 8 (type: Crypt)
>>>>> 090318 11:39:00 20699 sut_Rndm::GetString: got: V9JGOZzx
>>>>> 090318 11:39:00 20699 bbockelmn.4519:[log in to unmask] XrootdProtocol: 0100 more auth requested; sz=103
>>>>> 090318 11:39:00 20699 bbockelmn.4519:[log in to unmask] XrootdResponse: 0100 sending 103 data bytes; status=4002
>>>>> 090318 11:39:03 20699 bbockelmn.4519:[log in to unmask] XrootdProtocol: 0100 request timeout; read 0 of 24 bytes
>>>>> 090318 11:39:03 20699 XrdPoll: Poller 0 enabled bbockelmn.4519:[log in to unmask]
>>>>> 090318 11:39:11 20699 XrdSched: running bbockelmn.4519:[log in to unmask] inq=0
>>>>> 090318 11:39:11 20699 bbockelmn.4519:[log in to unmask] XrootdProtocol: 0100 req=3000 dlen=167
>>>>> 090318 11:39:11 20699 secpwd_Authenticate: handshaking ID: bbockelmn.4519:[log in to unmask]
>>>>> 090318 11:39:11 20699 secpwd_ParseCrypto: parsing list: ssl
>>>>> 090318 11:39:11 20699 crypto_Factory::GetCryptoFactory: ssl crypto factory object already loaded (0x7f7faf664960)
>>>>> 090318 11:39:11 20699 secpwd_Authenticate: version run by client: 10100
>>>>> 090318 11:39:11 20699 secpwd_CheckRtag: Random tag successfully checked
>>>>> 090318 11:39:11 20699 secpwd_CheckTimeStamp: Nothing to do
>>>>> 090318 11:39:11 20699 secpwd_QueryUser: Enter: bbockelmnocern3
>>>>> 090318 11:39:11 20699 sut_Cache::Rehash: Hash table updated (found 11 active entries)
>>>>> 090318 11:39:11 20699 sut_Cache::Refresh: Cache refreshed from file /uscms/home/bbockelm/.xrd/pwdadmin (0 entries updated)
>>>>> 090318 11:39:11 20699 secpwd_ErrF: Secpwd: wrong credentials: : user : bbockelmnocern3: kXPC_normal
>>>>> 090318 11:39:11 20699 XrootdXeq: User authentication failed; Secpwd: wrong credentials: : user : bbockelmnocern3: kXPC_normal
>>>>> 090318 11:39:11 20699 bbockelmn.4519:[log in to unmask] XrootdResponse: 0100 sending err 3010: Secpwd: wrong credentials: : user : bbockelmnocern3: kXPC_normal
>>>>> 090318 11:39:11 20699 bbockelmn.4519:[log in to unmask] XrootdProtocol: 0100 req=3010 dlen=136
>>>>> 090318 11:39:11 20699 bbockelmn.4519:[log in to unmask] XrootdResponse: 0100 sending err 3006: Invalid request; user not authenticated
>>>>> 090318 11:39:11 20699 XrootdXeq: bbockelmn.4519:[log in to unmask] disc 0:00:11
>>>>> 090318 11:39:11 20699 bbockelmn.4519:[log in to unmask] XrdPoll: FD 27 detached from poller 0; num=0
>>>>>
>>>>> Second attempt:
>>>>>
>>>>> 090318 11:40:59 001 XrdInet: Accepted connection from [log in to unmask]
>>>>> 090318 11:40:59 20753 XrdSched: running ?:[log in to unmask] inq=0
>>>>> 090318 11:40:59 20753 XrdProtocol: matched protocol xrootd
>>>>> 090318 11:40:59 20753 ?:[log in to unmask] XrdPoll: FD 26 attached to poller 0; num=1
>>>>> 090318 11:40:59 20753 ?:[log in to unmask] XrootdProtocol: 0100 req=3007 dlen=0
>>>>> 090318 11:40:59 20753 sec_getParms: red.unl.edu sectoken=&P=pwd,v:10100,id:cmsfilemover,c:ssl
>>>>> 090318 11:40:59 20753 bbockelmn.2466:[log in to unmask] XrootdResponse: 0100 sending 52 data bytes; status=0
>>>>> 090318 11:40:59 20753 bbockelmn.2466:[log in to unmask] XrootdProtocol: 0100 req=3000 dlen=254
>>>>> 090318 11:40:59 20753 secpwd_XrdSecProtocolpwd: constructing: host: red.unl.edu
>>>>> 090318 11:40:59 20753 secpwd_XrdSecProtocolpwd: p: pwd, plen: 4
>>>>> 090318 11:40:59 20753 secpwd_XrdSecProtocolpwd: mode: server
>>>>> 090318 11:40:59 20753 secpwd_XrdSecProtocolpwd: object created: v..
>>>>> 090318 11:40:59 20753 secpwd_Authenticate: handshaking ID: bbockelmn.2466:[log in to unmask]
>>>>> 090318 11:40:59 20753 secpwd_ParseCrypto: parsing list: ssl
>>>>> 090318 11:40:59 20753 crypto_Factory::GetCryptoFactory: ssl crypto factory object already loaded (0x7fe2fb8a8960)
>>>>> 090318 11:40:59 20753 secpwd_Authenticate: version run by client: 10100
>>>>> 090318 11:40:59 20753 secpwd_CheckRtag: Nothing to check
>>>>> 090318 11:40:59 20753 secpwd_CheckTimeStamp: Nothing to do
>>>>> 090318 11:40:59 20753 sut_Rndm::GetString: enter: len: 8 (type: Crypt)
>>>>> 090318 11:40:59 20753 sut_Rndm::Init: taking seed from /dev/urandom
>>>>> 090318 11:40:59 20753 sut_Rndm::GetString: got: .8lrX3bS
>>>>> 090318 11:40:59 20753 bbockelmn.2466:[log in to unmask] XrootdProtocol: 0100 more auth requested; sz=103
>>>>> 090318 11:40:59 20753 bbockelmn.2466:[log in to unmask] XrootdResponse: 0100 sending 103 data bytes; status=4002
>>>>> 090318 11:40:59 20753 bbockelmn.2466:[log in to unmask] XrootdProtocol: 0100 req=3000 dlen=167
>>>>> 090318 11:40:59 20753 secpwd_Authenticate: handshaking ID: bbockelmn.2466:[log in to unmask]
>>>>> 090318 11:40:59 20753 secpwd_ParseCrypto: parsing list: ssl
>>>>> 090318 11:40:59 20753 crypto_Factory::GetCryptoFactory: ssl crypto factory object already loaded (0x7fe2fb8a8960)
>>>>> 090318 11:40:59 20753 secpwd_Authenticate: version run by client: 10100
>>>>> 090318 11:40:59 20753 secpwd_CheckRtag: Random tag successfully checked
>>>>> 090318 11:40:59 20753 secpwd_CheckTimeStamp: Nothing to do
>>>>> 090318 11:40:59 20753 secpwd_QueryUser: Enter: bbockelmnocern3
>>>>> 090318 11:40:59 20753 sut_Cache::Refresh: cached information for file /uscms/home/bbockelm/.xrd/pwdadmin is up-to-date
>>>>> 090318 11:41:00 20753 secpwd_ExportCreds: File (template) undefined - do nothing
>>>>> 090318 11:41:00 20753 secpwd_Authenticate: WARNING: some problem exporting creds to file; template is :
>>>>> 090318 11:41:00 20753 sut_Rndm::GetString: enter: len: 8 (type: Crypt)
>>>>> 090318 11:41:00 20753 sut_Rndm::GetString: got: 8SVtIe9a
>>>>> 090318 11:41:00 20753 bbockelmn.2466:[log in to unmask] XrootdProtocol: 0100 more auth requested; sz=127
>>>>> 090318 11:41:00 20753 bbockelmn.2466:[log in to unmask] XrootdResponse: 0100 sending 127 data bytes; status=4002
>>>>> 090318 11:41:03 20753 bbockelmn.2466:[log in to unmask] XrootdProtocol: 0100 request timeout; read 0 of 24 bytes
>>>>> 090318 11:41:03 20753 XrdPoll: Poller 0 enabled bbockelmn.2466:[log in to unmask]
>>>>> 090318 11:41:19 20753 XrdSched: running bbockelmn.2466:[log in to unmask] inq=0
>>>>> 090318 11:41:19 20753 bbockelmn.2466:[log in to unmask] XrootdProtocol: 0100 req=3000 dlen=143
>>>>> 090318 11:41:19 20753 secpwd_Authenticate: handshaking ID: bbockelmn.2466:[log in to unmask]
>>>>> 090318 11:41:19 20753 secpwd_ParseCrypto: parsing list: ssl
>>>>> 090318 11:41:19 20753 crypto_Factory::GetCryptoFactory: ssl crypto factory object already loaded (0x7fe2fb8a8960)
>>>>> 090318 11:41:19 20753 secpwd_Authenticate: version run by client: 10100
>>>>> 090318 11:41:19 20753 secpwd_CheckRtag: Random tag successfully checked
>>>>> 090318 11:41:19 20753 secpwd_CheckTimeStamp: Nothing to do
>>>>> 090318 11:41:19 20753 sut_Rndm::GetBuffer: enter: len: 8
>>>>> 090318 11:41:19 20753 secpwd_SaveCreds: Entry for tag: bbockelmnocern3_1 updated in cache
>>>>> 090318 11:41:19 20753 sut_Cache::Flush: Cache flushed to file /uscms/home/bbockelm/.xrd/pwdadmin (1 entries updated / written)
>>>>> 090318 11:41:19 20753 bbockelmn.2466:[log in to unmask] XrootdResponse: 0100 sending OK
>>>>> 090318 11:41:19 20753 XrootdXeq: bbockelmn.2466:[log in to unmask] login as bbockelmnocern3
>>>>> 090318 11:41:19 20753 bbockelmn.2466:[log in to unmask] XrootdProtocol: 0100 req=3010 dlen=136
>>>>> 090318 11:41:19 20753 bbockelmn.2466:[log in to unmask] XrootdProtocol: 0100 open rt /cmsfs/lfns/store/relval/CMSSW_2_2_1/RelValTTbar/GEN-SIM-RECO/STARTUP_V7_LowLumiPileUp_v1/0004/EC41ED67-E5C6-DD11-97A2-000423D9989E.root
>>>>>
>>>>> On Mar 10, 2009, at 9:26 AM, Fabrizio Furano wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I guess that this needs a new XrdSec plugin to be written.
>>>>>> Probably the secunix one could be a good starting point.
>>>>>>
>>>>>> Fabrizio
>>>>>>
>>>>>>
>>>>>> Brian Bockelman wrote:
>>>>>>> Hey Xrootd folks (hope I ended up on the right list),
>>>>>>> I'd like to hook xrootd into our local-site authentication
>>>>>>> methods. We currently keep all our user/passwords in a
>>>>>>> htpasswd file, as generated by apache. What's the best way to
>>>>>>> have the server read the data from that file and use it for
>>>>>>> authentication?
>>>>>>> Brian
>>>>>
>>>>
>>>>
>>>> --
>>>> +--------------------------------------------------------------------------+
>>>> Gerardo GANIS PH Department, CERN
>>>> address CERN, CH 1211 Geneve 23 room: 32-RC-017, tel / fax: +412276 76439 / 69133
>>>> e-mail [log in to unmask]
>>>> +--------------------------------------------------------------------------+
>>>
>>
>
>
>
> --
> +--------------------------------------------------------------------------+
> Gerardo GANIS PH Department, CERN
> address CERN, CH 1211 Geneve 23 room: 32-RC-017, tel / fax: +412276 76439 / 69133
> e-mail [log in to unmask]
> +--------------------------------------------------------------------------+
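
An added example (not part of the thread, and not xrootd code): a log triage script that flags the pattern reported above, where a password-file reload that reports 0 entries updated is followed on the same thread by a wrong-credentials rejection for the user just looked up. The log layout is an assumption inferred from the quoted server log, the function name is hypothetical, and the sample input is assembled from log lines quoted in the thread.

```python
import re

# Sample input: server log entries quoted in the thread, one entry per line.
SAMPLE_LOG = """\
090318 11:39:11 20699 secpwd_QueryUser: Enter: bbockelmnocern3
090318 11:39:11 20699 sut_Cache::Rehash: Hash table updated (found 11 active entries)
090318 11:39:11 20699 sut_Cache::Refresh: Cache refreshed from file /uscms/home/bbockelm/.xrd/pwdadmin (0 entries updated)
090318 11:39:11 20699 secpwd_ErrF: Secpwd: wrong credentials: : user : bbockelmnocern3: kXPC_normal
090318 11:40:59 20753 secpwd_QueryUser: Enter: bbockelmnocern3
090318 11:40:59 20753 sut_Cache::Refresh: cached information for file /uscms/home/bbockelm/.xrd/pwdadmin is up-to-date
090318 11:41:19 20753 sut_Cache::Flush: Cache flushed to file /uscms/home/bbockelm/.xrd/pwdadmin (1 entries updated / written)
"""

# Assumed layout, inferred from the quoted log: "YYMMDD HH:MM:SS <thread-id> <message>".
ENTRY = re.compile(r"^(\d{6} \d{2}:\d{2}:\d{2}) (\d+) (.*)$")
QUERY = re.compile(r"secpwd_QueryUser: Enter: (\S+)")
REFRESH = re.compile(r"sut_Cache::Refresh: Cache refreshed from file (\S+) \((\d+) entries updated\)")
FAILED = re.compile(r"secpwd_ErrF: Secpwd: wrong credentials: : user : (\S+?):")


def find_stale_cache_failures(log_text):
    """Return auth failures that follow a cache reload reporting 0 updated entries."""
    pending = {}   # thread id -> user lookup currently in progress on that thread
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue  # wrapped continuation or unrelated text
        stamp, tid, msg = entry.groups()
        if (m := QUERY.search(msg)):
            pending[tid] = {"user": m.group(1), "file": None, "updated": None}
        elif (m := REFRESH.search(msg)) and tid in pending:
            pending[tid].update(file=m.group(1), updated=int(m.group(2)))
        elif (m := FAILED.search(msg)) and tid in pending:
            ctx = pending.pop(tid)
            # Only flag a rejection of the same user right after an empty reload.
            if ctx["updated"] == 0 and ctx["user"] == m.group(1):
                findings.append({"time": stamp, "thread": tid,
                                 "user": ctx["user"], "file": ctx["file"]})
    return findings


if __name__ == "__main__":
    for hit in find_stale_cache_failures(SAMPLE_LOG):
        print("{time} thread {thread}: {user} rejected after {file} "
              "reloaded with 0 entries updated".format(**hit))
```

A rejection with no preceding reload line is not flagged, so ordinary wrong-password attempts stay out of the result.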