Follow-up Comment #3, bug #87887 (project xrootd):

Hi,

  On the remote node ascint1y:

Here is the keytab file and its contents:
[root@ascint1y ~]# xrdsssadmin list /var/spool/xrootd/.xrd/sss.keytab
     Number Len Date/Time Created Expires  Keyname User & Group
     ------ --- --------- ------- -------- -------
          1  32 10/07/11 14:09:02 -------- sss_keytab anybody atlas

With XrdSecDEBUG=1,
mount -t fuse -a

gives:

[root@ascint1y ~]# mount -t fuse -a
sec_Client: protocol request for host atlas21.hep.anl.gov
token='&P=unix&P=sss,0.13:'
sec_PM: Skipping unix only want sss
sec_PM: Loading sss protocol object from libXrdSecsss.so
sec_sss: Client keytab='/var/spool/xrootd/.xrd/sss.keytab'
sec_PM: Using sss protocol, args='0.13:'
sec_sss: Ret 151 bytes of credentials; k=1
sec_sss: Ret 151 bytes of credentials; k=1
sec_Client: protocol request for host atlas22.hep.anl.gov
token='&P=unix&P=sss,0.13:'
sec_PM: Skipping unix only want sss
sec_PM: Loading sss protocol object from libXrdSecsss.so
sec_sss: Client keytab='/var/spool/xrootd/.xrd/sss.keytab'
sec_PM: Using sss protocol, args='0.13:'
sec_sss: Ret 151 bytes of credentials; k=1
sec_sss: Ret 151 bytes of credentials; k=1


atlas22 (redirector machine) - remote xrootdfs mount

[root@atlas22 ~]# xrdsssadmin list /var/spool/xrootd/.xrd/sss.keytab
     Number Len Date/Time Created Expires  Keyname User & Group
     ------ --- --------- ------- -------- -------
          1  32 10/07/11 14:09:02 -------- sss_keytab anybody atlas


This is a single-NIC machine with ntp running and the time consistent.

On the other remote mount machine (stand-alone xrootd data server)
atlas8/atlas21 (dual-NIC machine):

bash-3.2$ xrdcp /local/home/xrootd/xrootd-copy-test.ascint1y
root://atlas22.hep.anl.gov//atlas/xrootd-copy-test.ascint1y
sec_Client: protocol request for host atlas22.hep.anl.gov
token='&P=unix&P=sss,0.13:'
sec_PM: Loading unix protocol object from libXrdSecunix.so
sec_PM: Using unix protocol, args=''
sec_Client: protocol request for host ascint1y.hep.anl.gov
token='&P=sss,0.13:&P=unix'
sec_PM: Loading sss protocol object from libXrdSecsss.so
sec_PM: Using sss protocol, args='0.13:'
sec_sss: Init_Client: Unable to determine keytab location.
sec_PM: Using unix protocol, args=''
[xrootd] Total 0.00 MB  |====================| 100.00 % [inf MB/s]
bash-3.2$ xrdcp /local/home/xrootd/xrootd-copy-test.ascint1y
root://atlas21.hep.anl.gov//atlas/xrootd-copy-test.ascint1y
sec_Client: protocol request for host atlas21.hep.anl.gov
token='&P=unix&P=sss,0.13:'
sec_PM: Loading unix protocol object from libXrdSecunix.so
sec_PM: Using unix protocol, args=''
[xrootd] Total 0.00 MB  |====================| 100.00 % [inf MB/s]

As you can see, when copying files with xrdcp the unix command was used.

On each system, here is the sss security line from the configuration file:

sec.protocol /usr/lib64 sss -s /var/spool/xrootd/.xrd/sss.keytab

Will now test with group security priv.




    _______________________________________________________

Reply to this item at:

  <http://savannah.cern.ch/bugs/?87887>

_______________________________________________
  Message sent via/by LCG Savannah
  http://savannah.cern.ch/
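
Added example (not part of the original comment and not xrootd code): a small Python checker that groups XrdSecDEBUG=1 lines per "protocol request" exchange and reports exchanges where sss was offered but a different protocol was finally used. The sample log is constructed in the format of the output above; host names and function names are placeholders.

```python
import re

# Constructed sample in the format of the XrdSecDEBUG=1 output quoted above
# (host names are placeholders, not the reporter's machines).
SAMPLE = """\
sec_Client: protocol request for host redirector.example
token='&P=unix&P=sss,0.13:'
sec_PM: Skipping unix only want sss
sec_PM: Loading sss protocol object from libXrdSecsss.so
sec_PM: Using sss protocol, args='0.13:'
sec_Client: protocol request for host dataserver.example
token='&P=sss,0.13:&P=unix'
sec_PM: Loading sss protocol object from libXrdSecsss.so
sec_PM: Using sss protocol, args='0.13:'
sec_sss: Init_Client: Unable to determine keytab location.
sec_PM: Using unix protocol, args=''
"""

HOST = re.compile(r"protocol request for host (\S+)")
TOKEN = re.compile(r"token='([^']*)'")
USING = re.compile(r"sec_PM: Using (\w+) protocol")

def parse(text):
    """Group debug lines into one record per 'protocol request' exchange."""
    records = []
    for line in text.splitlines():
        if m := HOST.search(line):
            records.append({"host": m.group(1), "offered": [], "used": [], "errors": []})
        if not records:
            continue  # ignore anything before the first request
        rec = records[-1]
        if m := TOKEN.search(line):
            # token is a run of '&P=<name>[,<args>]' entries
            rec["offered"] = [p.split(",")[0] for p in m.group(1).split("&P=") if p]
        if m := USING.search(line):
            rec["used"].append(m.group(1))
        if "Unable to" in line:
            rec["errors"].append(line.strip())
    return records

def downgrades(records, wanted="sss"):
    """Exchanges where `wanted` was offered but another protocol was used last."""
    return [r for r in records
            if wanted in r["offered"] and r["used"] and r["used"][-1] != wanted]

if __name__ == "__main__":
    for r in downgrades(parse(SAMPLE)):
        print(r["host"], "offered", r["offered"], "ended on", r["used"][-1], r["errors"])
```

The parser looks for token='...' on any line of an exchange, so it works whether the token is printed on the same line as the host or on the following line.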