Hi,

Sorry for the late reply, but I was hoping that a new development tarball
could be made available on the web site. But that is delayed by some other
problems. So I have made a snapshot of the current head and put it on my
public AFS areas at CERN and SLAC:

/afs/slac.stanford.edu/u/br/ganis/public/xrootd-20090421-0541.src.tgz
/afs/cern.ch/user/g/ganis/public/xrootd-20090421-0541.src.tgz

Let me know if you manage to give it a try.

Cheers, Gerri

Brian Bockelman wrote:
> Yup, a tarball would be more convenient for me - I have only used
> tarballs from the website up to this point.
>
> Brian
>
> On Apr 9, 2009, at 2:42 AM, Gerardo Ganis wrote:
>
>>
>> Hi Brian,
>>
>> Sorry for the somewhat late reply.
>> The problem should now be fixed in the CVS head.
>> We can create a new tarball if that is a convenient way for you to
>> test the fix.
>>
>> Let me know,
>>
>> Gerri
>>
>>
>> Brian Bockelman wrote:
>>> Hey Gerri,
>>>
>>> Any updates on this?
>>>
>>> Brian
>>>
>>> On Mar 19, 2009, at 12:14 PM, Brian Bockelman wrote:
>>>
>>>> Hey Gerardo,
>>>>
>>>> Here's the tarball I found from the xrootd homepage
>>>>
>>>> xrootd-20080828-1632.src.tgz
>>>>
>>>> Brian
>>>>
>>>> On Mar 19, 2009, at 12:08 PM, Gerardo Ganis wrote:
>>>>
>>>>>
>>>>> Hi Brian,
>>>>>
>>>>> I managed to reproduce the problem: the file is read but for some
>>>>> reason the cache is not really updated (0 entries updated); this
>>>>> sounds like a bug. I will try to understand whether there is any
>>>>> work around to re-starting the server.
>>>>>
>>>>> By default the client should not cache anything; it does cache
>>>>> the relevant info if you set the env XrdSecPWDAUTOLOG to 1. You
>>>>> can check the client cache by running
>>>>>
>>>>> xrdpwdadmin -m netrc
>>>>>
>>>>> Cheers, Gerri
>>>>>
>>>>> PS: what version of XROOTD are you running?
>>>>>
>>>>> Brian Bockelman wrote:
>>>>>> Hey Fabrizio,
>>>>>>
>>>>>> I went back with our folks, and we've come up with an acceptable
>>>>>> solution (I don't really want to force all our users out there to
>>>>>> get a new module!)
>>>>>>
>>>>>> Basically, they log into a web interface using the current auth
>>>>>> scheme and it generates a one-time password for them. They are
>>>>>> given the one-time password and the first time they use it, they
>>>>>> change it.
>>>>>>
>>>>>> HOWEVER, it appears that users added with xrdpwdadmin can't
>>>>>> effectively use xrootd until the daemon is restarted.
>>>>>>
>>>>>> Here's the command I use, for example:
>>>>>>
>>>>>> xrdpwdadmin add bbockelmnocern3 -force -dontask
>>>>>>
>>>>>> I then take the generated password and try to use it. The server
>>>>>> logs are below. The user output looks like this (gDebug=5,
>>>>>> removing un-interesting stuff):
>>>>>>
>>>>>> Password for [log in to unmask]:cmsfilemover:
>>>>>> Info in <TXNetFile::Open>: remote file could not be open
>>>>>> Info in <TXNetFile::CreateXClient>: remote file could not be open
>>>>>> Error in <TXNetFile::CreateXClient>: open attempt failed on root:[log in to unmask]
>>>>>>
>>>>>>
>>>>>> If I then restart the xrootd server, things work. In fact, after
>>>>>> restarting the xrootd server, the client no longer asks me for
>>>>>> the temporary password (I assume it saved it to the client's
>>>>>> cache?) and just asks me to change the password.
>>>>>>
>>>>>> It appears that the xrootd server is claiming in the logs it has
>>>>>> reloaded the cached authentication file, but this reloading
>>>>>> failed to work.
>>>>>>
>>>>>> Brian
>>>>>>
>>>>>> First attempt:
>>>>>>
>>>>>> 090318 11:39:00 001 XrdInet: Accepted connection from [log in to unmask]
>>>>>> 090318 11:39:00 20699 XrdSched: running ?:[log in to unmask] inq=0
>>>>>> 090318 11:39:00 20699 XrdProtocol: matched protocol xrootd
>>>>>> 090318 11:39:00 20699 ?:[log in to unmask] XrdPoll: FD 27 attached to poller 0; num=1
>>>>>> 090318 11:39:00 20699 ?:[log in to unmask] XrootdProtocol: 0100 req=3007 dlen=0
>>>>>> 090318 11:39:00 20699 sec_getParms: red.unl.edu sectoken=&P=pwd,v:10100,id:cmsfilemover,c:ssl
>>>>>> 090318 11:39:00 20699 bbockelmn.4519:[log in to unmask] XrootdResponse: 0100 sending 52 data bytes; status=0
>>>>>> 090318 11:39:00 20699 bbockelmn.4519:[log in to unmask] XrootdProtocol: 0100 req=3000 dlen=254
>>>>>> 090318 11:39:00 20699 secpwd_XrdSecProtocolpwd: constructing: host: red.unl.edu
>>>>>> 090318 11:39:00 20699 secpwd_XrdSecProtocolpwd: p: pwd, plen: 4
>>>>>> 090318 11:39:00 20699 secpwd_XrdSecProtocolpwd: mode: server
>>>>>> 090318 11:39:00 20699 secpwd_XrdSecProtocolpwd: object created: v..
>>>>>> 090318 11:39:00 20699 secpwd_Authenticate: handshaking ID: bbockelmn.4519:[log in to unmask]
>>>>>> 090318 11:39:00 20699 secpwd_ParseCrypto: parsing list: ssl
>>>>>> 090318 11:39:00 20699 crypto_Factory::GetCryptoFactory: ssl crypto factory object already loaded (0x7f7faf664960)
>>>>>> 090318 11:39:00 20699 secpwd_Authenticate: version run by client: 10100
>>>>>> 090318 11:39:00 20699 secpwd_CheckRtag: Nothing to check
>>>>>> 090318 11:39:00 20699 secpwd_CheckTimeStamp: Nothing to do
>>>>>> 090318 11:39:00 20699 sut_Rndm::GetString: enter: len: 8 (type: Crypt)
>>>>>> 090318 11:39:00 20699 sut_Rndm::GetString: got: V9JGOZzx
>>>>>> 090318 11:39:00 20699 bbockelmn.4519:[log in to unmask] XrootdProtocol: 0100 more auth requested; sz=103
>>>>>> 090318 11:39:00 20699 bbockelmn.4519:[log in to unmask] XrootdResponse: 0100 sending 103 data bytes; status=4002
>>>>>> 090318 11:39:03 20699 bbockelmn.4519:[log in to unmask] XrootdProtocol: 0100 request timeout; read 0 of 24 bytes
>>>>>> 090318 11:39:03 20699 XrdPoll: Poller 0 enabled bbockelmn.4519:[log in to unmask]
>>>>>> 090318 11:39:11 20699 XrdSched: running bbockelmn.4519:[log in to unmask] inq=0
>>>>>> 090318 11:39:11 20699 bbockelmn.4519:[log in to unmask] XrootdProtocol: 0100 req=3000 dlen=167
>>>>>> 090318 11:39:11 20699 secpwd_Authenticate: handshaking ID: bbockelmn.4519:[log in to unmask]
>>>>>> 090318 11:39:11 20699 secpwd_ParseCrypto: parsing list: ssl
>>>>>> 090318 11:39:11 20699 crypto_Factory::GetCryptoFactory: ssl crypto factory object already loaded (0x7f7faf664960)
>>>>>> 090318 11:39:11 20699 secpwd_Authenticate: version run by client: 10100
>>>>>> 090318 11:39:11 20699 secpwd_CheckRtag: Random tag successfully checked
>>>>>> 090318 11:39:11 20699 secpwd_CheckTimeStamp: Nothing to do
>>>>>> 090318 11:39:11 20699 secpwd_QueryUser: Enter: bbockelmnocern3
>>>>>> 090318 11:39:11 20699 sut_Cache::Rehash: Hash table updated (found 11 active entries)
>>>>>> 090318 11:39:11 20699 sut_Cache::Refresh: Cache refreshed from file /uscms/home/bbockelm/.xrd/pwdadmin (0 entries updated)
>>>>>> 090318 11:39:11 20699 secpwd_ErrF: Secpwd: wrong credentials: : user : bbockelmnocern3: kXPC_normal
>>>>>> 090318 11:39:11 20699 XrootdXeq: User authentication failed; Secpwd: wrong credentials: : user : bbockelmnocern3: kXPC_normal
>>>>>> 090318 11:39:11 20699 bbockelmn.4519:[log in to unmask] XrootdResponse: 0100 sending err 3010: Secpwd: wrong credentials: : user : bbockelmnocern3: kXPC_normal
>>>>>> 090318 11:39:11 20699 bbockelmn.4519:[log in to unmask] XrootdProtocol: 0100 req=3010 dlen=136
>>>>>> 090318 11:39:11 20699 bbockelmn.4519:[log in to unmask] XrootdResponse: 0100 sending err 3006: Invalid request; user not authenticated
>>>>>> 090318 11:39:11 20699 XrootdXeq: bbockelmn.4519:[log in to unmask] disc 0:00:11
>>>>>> 090318 11:39:11 20699 bbockelmn.4519:[log in to unmask] XrdPoll: FD 27 detached from poller 0; num=0
>>>>>>
>>>>>> Second attempt:
>>>>>>
>>>>>> 090318 11:40:59 001 XrdInet: Accepted connection from [log in to unmask]
>>>>>> 090318 11:40:59 20753 XrdSched: running ?:[log in to unmask] inq=0
>>>>>> 090318 11:40:59 20753 XrdProtocol: matched protocol xrootd
>>>>>> 090318 11:40:59 20753 ?:[log in to unmask] XrdPoll: FD 26 attached to poller 0; num=1
>>>>>> 090318 11:40:59 20753 ?:[log in to unmask] XrootdProtocol: 0100 req=3007 dlen=0
>>>>>> 090318 11:40:59 20753 sec_getParms: red.unl.edu sectoken=&P=pwd,v:10100,id:cmsfilemover,c:ssl
>>>>>> 090318 11:40:59 20753 bbockelmn.2466:[log in to unmask] XrootdResponse: 0100 sending 52 data bytes; status=0
>>>>>> 090318 11:40:59 20753 bbockelmn.2466:[log in to unmask] XrootdProtocol: 0100 req=3000 dlen=254
>>>>>> 090318 11:40:59 20753 secpwd_XrdSecProtocolpwd: constructing: host: red.unl.edu
>>>>>> 090318 11:40:59 20753 secpwd_XrdSecProtocolpwd: p: pwd, plen: 4
>>>>>> 090318 11:40:59 20753 secpwd_XrdSecProtocolpwd: mode: server
>>>>>> 090318 11:40:59 20753 secpwd_XrdSecProtocolpwd: object created: v..
>>>>>> 090318 11:40:59 20753 secpwd_Authenticate: handshaking ID: bbockelmn.2466:[log in to unmask]
>>>>>> 090318 11:40:59 20753 secpwd_ParseCrypto: parsing list: ssl
>>>>>> 090318 11:40:59 20753 crypto_Factory::GetCryptoFactory: ssl crypto factory object already loaded (0x7fe2fb8a8960)
>>>>>> 090318 11:40:59 20753 secpwd_Authenticate: version run by client: 10100
>>>>>> 090318 11:40:59 20753 secpwd_CheckRtag: Nothing to check
>>>>>> 090318 11:40:59 20753 secpwd_CheckTimeStamp: Nothing to do
>>>>>> 090318 11:40:59 20753 sut_Rndm::GetString: enter: len: 8 (type: Crypt)
>>>>>> 090318 11:40:59 20753 sut_Rndm::Init: taking seed from /dev/urandom
>>>>>> 090318 11:40:59 20753 sut_Rndm::GetString: got: .8lrX3bS
>>>>>> 090318 11:40:59 20753 bbockelmn.2466:[log in to unmask] XrootdProtocol: 0100 more auth requested; sz=103
>>>>>> 090318 11:40:59 20753 bbockelmn.2466:[log in to unmask] XrootdResponse: 0100 sending 103 data bytes; status=4002
>>>>>> 090318 11:40:59 20753 bbockelmn.2466:[log in to unmask] XrootdProtocol: 0100 req=3000 dlen=167
>>>>>> 090318 11:40:59 20753 secpwd_Authenticate: handshaking ID: bbockelmn.2466:[log in to unmask]
>>>>>> 090318 11:40:59 20753 secpwd_ParseCrypto: parsing list: ssl
>>>>>> 090318 11:40:59 20753 crypto_Factory::GetCryptoFactory: ssl crypto factory object already loaded (0x7fe2fb8a8960)
>>>>>> 090318 11:40:59 20753 secpwd_Authenticate: version run by client: 10100
>>>>>> 090318 11:40:59 20753 secpwd_CheckRtag: Random tag successfully checked
>>>>>> 090318 11:40:59 20753 secpwd_CheckTimeStamp: Nothing to do
>>>>>> 090318 11:40:59 20753 secpwd_QueryUser: Enter: bbockelmnocern3
>>>>>> 090318 11:40:59 20753 sut_Cache::Refresh: cached information for file /uscms/home/bbockelm/.xrd/pwdadmin is up-to-date
>>>>>> 090318 11:41:00 20753 secpwd_ExportCreds: File (template) undefined - do nothing
>>>>>> 090318 11:41:00 20753 secpwd_Authenticate: WARNING: some problem exporting creds to file; template is :
>>>>>> 090318 11:41:00 20753 sut_Rndm::GetString: enter: len: 8 (type: Crypt)
>>>>>> 090318 11:41:00 20753 sut_Rndm::GetString: got: 8SVtIe9a
>>>>>> 090318 11:41:00 20753 bbockelmn.2466:[log in to unmask] XrootdProtocol: 0100 more auth requested; sz=127
>>>>>> 090318 11:41:00 20753 bbockelmn.2466:[log in to unmask] XrootdResponse: 0100 sending 127 data bytes; status=4002
>>>>>> 090318 11:41:03 20753 bbockelmn.2466:[log in to unmask] XrootdProtocol: 0100 request timeout; read 0 of 24 bytes
>>>>>> 090318 11:41:03 20753 XrdPoll: Poller 0 enabled bbockelmn.2466:[log in to unmask]
>>>>>> 090318 11:41:19 20753 XrdSched: running bbockelmn.2466:[log in to unmask] inq=0
>>>>>> 090318 11:41:19 20753 bbockelmn.2466:[log in to unmask] XrootdProtocol: 0100 req=3000 dlen=143
>>>>>> 090318 11:41:19 20753 secpwd_Authenticate: handshaking ID: bbockelmn.2466:[log in to unmask]
>>>>>> 090318 11:41:19 20753 secpwd_ParseCrypto: parsing list: ssl
>>>>>> 090318 11:41:19 20753 crypto_Factory::GetCryptoFactory: ssl crypto factory object already loaded (0x7fe2fb8a8960)
>>>>>> 090318 11:41:19 20753 secpwd_Authenticate: version run by client: 10100
>>>>>> 090318 11:41:19 20753 secpwd_CheckRtag: Random tag successfully checked
>>>>>> 090318 11:41:19 20753 secpwd_CheckTimeStamp: Nothing to do
>>>>>> 090318 11:41:19 20753 sut_Rndm::GetBuffer: enter: len: 8
>>>>>> 090318 11:41:19 20753 secpwd_SaveCreds: Entry for tag: bbockelmnocern3_1 updated in cache
>>>>>> 090318 11:41:19 20753 sut_Cache::Flush: Cache flushed to file /uscms/home/bbockelm/.xrd/pwdadmin (1 entries updated / written)
>>>>>> 090318 11:41:19 20753 bbockelmn.2466:[log in to unmask] XrootdResponse: 0100 sending OK
>>>>>> 090318 11:41:19 20753 XrootdXeq: bbockelmn.2466:[log in to unmask] login as bbockelmnocern3
>>>>>> 090318 11:41:19 20753 bbockelmn.2466:[log in to unmask] XrootdProtocol: 0100 req=3010 dlen=136
>>>>>> 090318 11:41:19 20753 bbockelmn.2466:[log in to unmask] XrootdProtocol: 0100 open rt /cmsfs/lfns/store/relval/CMSSW_2_2_1/RelValTTbar/GEN-SIM-RECO/STARTUP_V7_LowLumiPileUp_v1/0004/EC41ED67-E5C6-DD11-97A2-000423D9989E.root
>>>>>>
>>>>>>
>>>>>> On Mar 10, 2009, at 9:26 AM, Fabrizio Furano wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> I guess that this needs a new XrdSec plugin to be written.
>>>>>>> Probably the secunix one could be a good starting point.
>>>>>>>
>>>>>>> Fabrizio
>>>>>>>
>>>>>>>
>>>>>>> Brian Bockelman wrote:
>>>>>>>> Hey Xrootd folks (hope I ended up on the right list),
>>>>>>>> I'd like to hook xrootd into our local-site authentication
>>>>>>>> methods. We currently keep all our user/passwords in a
>>>>>>>> htpasswd file, as generated by apache. What's the best way to
>>>>>>>> have the server read the data from that file and use it for
>>>>>>>> authentication?
>>>>>>>> Brian
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> +--------------------------------------------------------------------------+
>>>>>
>>>>> Gerardo GANIS PH Department, CERN
>>>>> address CERN, CH 1211 Geneve 23
>>>>> room: 32-RC-017, tel / fax: +412276 76439 / 69133
>>>>> e-mail [log in to unmask]
>>>>> +--------------------------------------------------------------------------+
>>>>>
>>>>
>>>
>>
>>
>> --
>> +--------------------------------------------------------------------------+
>>
>> Gerardo GANIS PH Department, CERN
>> address CERN, CH 1211 Geneve 23
>> room: 32-RC-017, tel / fax: +412276 76439 / 69133
>> e-mail [log in to unmask]
>> +--------------------------------------------------------------------------+
>>
>

--
+--------------------------------------------------------------------------+
Gerardo GANIS PH Department, CERN
address CERN, CH 1211 Geneve 23
room: 32-RC-017, tel / fax: +412276 76439 / 69133
e-mail [log in to unmask]
+--------------------------------------------------------------------------+