Hi Tom,

in the first print-out you are mapped to 'dteam' and this is probably what you wanted in this case. Our authz plug-in uses sec.name to map to the FS uid/gid.

In the second print-out it does not call the VOMS authz routines (as you said) and this has nothing to do with the OFS/OSS plug-in you have. For this Fabrizio has to help ... however just a warning, currently we don't apply the 'role' field as FS uid or gid, this requires a 2 line change in our Authz plugin ... (I am actually not sure if role is written into name?) ... in any case I write it to the to-do list.

Cheers Andreas.

On Wed, Nov 26, 2014 at 12:46 PM, <[log in to unmask]> wrote:

> Hi,
>
> I'm trying to set up an XrdHTTP server with libXrdHttpVOMS, however I seem
> to be missing something. I have a working xrootd server with
> libXrdSecgsiAuthzVO.so controlling GSI authorisation (which I have
> confirmed as working). I also have a working HTTPS server, with X.509
> authentication working (username is mapped to their browser certificate's
> DN).
>
> However, I then tried to use the http security extractor
> /usr/lib64/libXrdHttpVOMS-4.so, which was provided by the
> xrdhttpvoms-0.2.0-1.20141022.1000.el6.x86_64.rpm package (I found this from
> the email thread about "enabling https" in this mailing list last month).
> When adding the SecXtractor option to the config the http server now
> refuses to use the certificate (even in https), and just identifies the
> user as 'nobody'. And looking at the log, no authentication/authorisation
> is even attempted. (I've attached a log showing startup, a correctly
> authorised cmd line operation and a 'failed' https operation. I've also
> attached the config used)
>
> There are no obvious error messages, the only bit that confuses me is the
> "Config warning: 'xrootd.seclib' not specified; strong authentication
> disabled!" towards the end of startup, despite the fact the security
> library had clearly been loaded (and is working).
>
> I'm using the xrootd4 package and all dependencies from the LCGDM
> Continuous Build Repository (ver. 20140918.cf01cb4), but I'm using some
> other xrootd packages from an eos-diamond repo for the storage bits, as
> this xrootd server is using a Ceph object store as its storage. I don't
> think it should affect anything on the authn/z side of things however.
>
> What am I doing wrong? I have a feeling I may have got the wrong end of
> the stick completely and the security extractor doesn't do what I think it
> does, or that it will, but I'm not using up-to-date packages (or something
> else entirely, I'm very new to xrootd and GSI).
>
> Any help would be greatly appreciated!
>
> Cheers
>
> Tom
>
> ------------------------------
>
> Use REPLY-ALL to reply to list
>
> To unsubscribe from the XROOTD-L list, click the following link:
> https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1