Hi,

until proxy delegation is implemented upstream, we are solving proxy generation with a script instead of xrdcp, i.e. we have the following in xrootd.cfg:
ofs.tpc autorm scan all ttl 180 1800 pgm /usr/local/bin/xrdcp-voms --server

The script is the following:
--------------------------------------------------
#!/bin/bash

if [ -e "/etc/grid-security/robotcert.pem" ]; then
        export X509_USER_CERT=/etc/grid-security/robotcert.pem
        export X509_USER_KEY=/etc/grid-security/robotkey.pem
        voms-proxy-info -exists > /dev/null 2>&1
        if [ $? -eq 1 ]; then
                voms-proxy-init -voms atlas
        fi
        export X509_USER_PROXY=$(voms-proxy-info -path)
fi

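# Run the actual copy and remember its exit status for the caller.
/usr/bin/xrdcp -v -d 3 "$@"
rc=$?

# Fixup permissions, allow everybody to read.
# This obscure syntax is a bashism to get the last argument:
transfered_file="${@: -1}"
if [ -f "${transfered_file}" ]; then
        chmod go+r "${transfered_file}"
fi

# Exit with xrdcp's status, not that of the permission fixup above.
exit $rc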
--------------------------------------------------
However, as you can see, we are using a robot certificate here, *not* the host certificate. 
This is needed since for us the certificate needs to be registered in the ATLAS VO, to get a VOMS proxy for authentication against other servers. 
For this, we have requested a robot certificate and registered it in the VO. 

Maybe something similar will also help in your case? 

Cheers,
	Oliver

On 17.05.2018 at 20:06, Dmitry O Litvintsev wrote:
> Hello, 
> 
> We have setup two GSI authenticated XRootD servers. I can read/write to any of them. 
> 
> When I tried 3-rd party transfers (TPC) I had to specify these variables:
> 
> in  StartXRD.cf :
> 
> export X509_USER_CERT=/etc/grid-security/xrootd/hostcert.pem
> export X509_USER_KEY=/etc/grid-security/xrootd/hostkey.pem
> export X509_USER_PROXY=/tmp/x509up_u498
> 
> Unfortunately I have to have some external process renewing proxy b/c the client when invoked by the server to perform TPC would not create proxy (from cert/key pair). I get:
> 
> TPC job 8: 180517 11:46:47 6099 secgsi_InitProxy: Not a tty: cannot prompt for proxies - do nothing
> TPC job 8: 180517 11:46:47 6099 secgsi_QueryProxy: problems initializing proxy via external shell
> 
> Apparently a system call to "grid-proxy-init" is protected against non tty invocation.
> (based on my reading of  https://github.com/xrootd/xrootd/blob/master/src/XrdSecgsi/XrdSecProtocolgsi.cc)
> 
> This seems awkward. I wonder, am I missing something in my setup? 
> 
> Thank you, 
> Dmitry
> 
> ########################################################################
> Use REPLY-ALL to reply to list
> 
> To unsubscribe from the XROOTD-L list, click the following link:
> https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1
> 


-- 
Oliver Freyermuth
Universität Bonn
Physikalisches Institut, Raum 1.047
Nußallee 12
53115 Bonn
--
Tel.: +49 228 73 2367
Fax:  +49 228 73 7869
--
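
An added example, not part of either message: one way to make the wrapper's renewal step safe when more than one TPC job invokes it at the same time, by renewing under a lock and requiring some remaining proxy lifetime. The names `ensure_proxy`, `proxy_ok`, `LOCK_FILE`, `MIN_LEFT`, `PROXY_INFO` and `PROXY_INIT` are hypothetical; it assumes `flock` from util-linux and a robot key that `voms-proxy-init` can read without prompting.

```bash
#!/bin/bash
# Added example (not from the thread). All function and variable names here
# are hypothetical; only the voms-proxy-* tools and the "atlas" VO come from
# the script in the message above.

# Tool names are overridable so the logic can be exercised with stubs.
PROXY_INFO=${PROXY_INFO:-voms-proxy-info}
PROXY_INIT=${PROXY_INIT:-voms-proxy-init}
# Remaining lifetime (H:M) a proxy must have to count as usable (assumed value).
MIN_LEFT=${MIN_LEFT:-0:30}
# Lock file shared by all wrapper invocations (assumed path).
LOCK_FILE=${LOCK_FILE:-/var/lock/xrdcp-voms.lock}

# True if a proxy exists and is still valid for at least MIN_LEFT.
proxy_ok() {
        "$PROXY_INFO" -exists -valid "$MIN_LEFT" > /dev/null 2>&1
}

# Make sure a usable proxy exists; at most one process renews at a time.
# Returns 0 on success, 1 if renewal failed, 2 if the lock timed out.
ensure_proxy() {
        # Fast path: nothing to do, no lock taken.
        proxy_ok && return 0
        (
                # Serialize renewals on file descriptor 9, waiting up to 60 s.
                flock -w 60 9 || exit 2
                # Another job may have renewed while we waited for the lock.
                proxy_ok && exit 0
                # No tty is available under the server, so never read stdin.
                "$PROXY_INIT" -voms atlas < /dev/null > /dev/null 2>&1 || exit 1
                # Report success only if the new proxy really passes the check.
                proxy_ok
        ) 9> "$LOCK_FILE"
}

# In the wrapper this would run before xrdcp, for example:
#   ensure_proxy || { echo "no valid VOMS proxy" >&2; exit 1; }
```

Failing before `xrdcp` starts gives the TPC job a clear error instead of an authentication failure halfway through the transfer.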
