Following a user report, we have found that when a user accesses xroot via a VOMS proxy certificate that includes a VOMS role, the X509 plugin seems to require that a mapping be defined on the server side for that role
Failure to provide a mapping results in the plugin to map the user to a default uid = 99 (ie 'nobody'), as can be seen in this log excerpt:
`160115 13:19:48 time=1452860388430486 func=GetIdMapping level=WARN logid=1267d8fe-bb7a-11e5-a0f5-c860001bd8b2 unit=rdr@c2public-1cernch:1094 tid=139751941015296 source=XrdxCastor2Fs:1841 tid
ent=dirac31411:74@voilcdiractest04 msg="no passwd struct found for role=dirac"
160115 13:19:48 time=1452860388430564 func=GetIdMapping level=DEBUG logid=1267d8fe-bb7a-11e5-a0f5-c860001bd8b2 unit=rdr@c2public-1cernch:1094 tid=139751941015296 source=XrdxCastor2Fs:1846 tid
ent=dirac31411:74@voilcdiractest04 msg="role=dirac -> uid/gid=99/99"`
Shouldn't the appropriate behavior instead be to ignore the role and map the user according to the loaded gridmap file? Can you please check the code?
—
Reply to this email directly or view it on GitHub.
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1