Hi,

 

I'm trying to set up a XrdHTTP server with libXrdHttpVOMS, however I seem to be missing something. I have a working xrootd server with libXrdSecgsiAuthzVO.so controlling GSI authorisation (which I have confirmed as working). I also have a working HTTPS server, with x.509 authentication working (username is mapped to their browser certificates DN).

 

However, I then tried to use the http security extractor /usr/lib64/libXrdHttpVOMS-4.so, which was provided by the xrdhttpvoms-0.2.0-1.20141022.1000.el6.x86_64.rpm package (I found this from the email thread about "enabling https" in this mailing list last month). When adding the SecXtractor option to the config the http server now refuses to use the certificate (even in https), and just identifies the user as 'nobody'. And looking at the log, no authentication/authorisation is even attempted. (I've attached a log showing startup, a correctly authorised cmd line operation and a 'failed' https operation. I've also attached the config used)

 

There’s no obvious error messages, the only bit that confuses me is the "Config warning: 'xrootd.seclib' not specified; strong authentication disabled!" towards the end of startup, despite the fact the security library had clearly been loaded (and is working).

 

I'm using the xrootd4 package and all dependencies from the LCGDM Continuous Build Repository (ver. 20140918.cf01cb4), but I'm using some other xrootd packages from an eos-diamond repo for the storage bits, as this xrootd server is using a Ceph object store as it's storage. I don't think it should affect anything on the authn/z side of things however.

 

What am I doing wrong? I have a feeling I may have I got the wrong end of the stick completely and the security extractor doesn't do what I think it does, or that it will, but I'm not using up to date packages (or something else entirely, I’m very new to xrootd and GSI).

 

Any help would be greatly appreciated!

 

Cheers

Tom