Hello,

I was trying to configure xrootd to use gsi authentication on both the server (4.8.2-1) and client (4.8.2-2) side,
but I found out that the definition of non-default dirs for host cert/key doesn't seem to work. I mean, I could restart xrootd, but there was a warning in the xrootd.log (Note: xrootd is invoked by the CASTOR system)

180626 10:59:58 5740 secgsi_Init: WARNING: process has no permission to read the certificate key file: /etc/grid-security/xrd/xrdkey.pem
180626 10:59:58 5740 secgsi_GetSrvCertEnt: failed to load certificate from files (/etc/grid-security/xrd/xrdcert.pem,/etc/grid-security/xrd/xrdkey.pem)

The relevant lines in my xrootd config were

#-------------------------------------------------------------------------------
xrootd.seclib /usr/lib64/libXrdSec.so

# UNIX authentication

sec.protocol /usr/lib64/ gsi

# GSI authentication

sec.protocol gsi -crl:3 -cert:/etc/grid-security/xroot_certs/hostcert.pem -key:/etc/grid-security/xroot_certs/hostkey.pem -gridmap:/etc/grid-security/grid-mapfile -gmapopt:2 -gmapto:3600 -d:0

# Configure gsi+krb5 as the default (CERN special, I think)

#sec.protbind * only krb5 gsi
sec.protbind * only gsi

Is this a bug or is it something I do wrong?

Many thanks in advance.

George
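
An added example, not part of George's message or of the xrootd code base: a small Python check that compares the `-cert:`/`-key:` paths on each `sec.protocol ... gsi` line with the files the `secgsi` log line says the server tried to load. The sample config and log text are copied from the message above; the function names are hypothetical.

```python
import re

# Sample input copied from the config and log lines quoted in the message above.
CONFIG = """\
sec.protocol /usr/lib64/ gsi
sec.protocol gsi -crl:3 -cert:/etc/grid-security/xroot_certs/hostcert.pem -key:/etc/grid-security/xroot_certs/hostkey.pem -gridmap:/etc/grid-security/grid-mapfile -gmapopt:2 -gmapto:3600 -d:0
#sec.protbind * only krb5 gsi
sec.protbind * only gsi
"""
LOG = """\
180626 10:59:58 5740 secgsi_Init: WARNING: process has no permission to read the certificate key file: /etc/grid-security/xrd/xrdkey.pem
180626 10:59:58 5740 secgsi_GetSrvCertEnt: failed to load certificate from files (/etc/grid-security/xrd/xrdcert.pem,/etc/grid-security/xrd/xrdkey.pem)
"""

def gsi_directives(config_text):
    """One dict per 'sec.protocol [libpath] gsi ...' line; cert/key are None if not given."""
    found = []
    for line in config_text.splitlines():
        tokens = line.split()
        # Commented-out lines start with '#', so their first token never matches.
        if len(tokens) < 2 or tokens[0] != "sec.protocol" or "gsi" not in tokens[1:3]:
            continue
        # Options have the form -name:value; split only on the first colon.
        opts = dict(t[1:].split(":", 1) for t in tokens if t.startswith("-") and ":" in t)
        found.append({"line": line, "cert": opts.get("cert"), "key": opts.get("key")})
    return found

def attempted_files(log_text):
    """(cert, key) pair named in the secgsi_GetSrvCertEnt failure line, or None."""
    m = re.search(r"failed to load certificate from files \(([^,]+),([^)]+)\)", log_text)
    return (m.group(1), m.group(2)) if m else None

def report(config_text, log_text):
    """Compare what the config asks for with what the log says was tried."""
    attempted = attempted_files(log_text)
    configured = [(d["cert"], d["key"]) for d in gsi_directives(config_text)]
    return {"attempted": attempted, "configured": configured, "match": attempted in configured}

if __name__ == "__main__":
    print(report(CONFIG, LOG))
```

On the posted input the check finds two `gsi` declarations, one of them without `-cert:`/`-key:`, and neither names the `/etc/grid-security/xrd/` files that appear in the log.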

