Print

Print

Defining a sec protocl that fails but then following it with one that succeeds ends up with xrootd failing initialization:

190807 17:22:08 590 secgsi_InitOpts: *** ------------------------------------------------------------ ***
INFO in xrootd-lcmaps config: XrdLcmaps: Setting LCMAPS config file to /etc/lcmaps.db.
INFO in xrootd-lcmaps config: XrdLcmaps: Setting LCMAPS log level to 0.
INFO in xrootd-lcmaps config: XrdLcmaps: Using LCMAPS policy name xrootd_policy.
lcmaps[590]     LOG_ERR: 2019-08-07.17:22:08Z: /etc/lcmaps.db:165: [warning] expecting rule definitions.
lcmaps[590]     LOG_ERR: 2019-08-07.17:22:08Z: /etc/lcmaps.db:165: [warning] no rules specified for policy: 'glexec' at line 153.
lcmaps[590]     LOG_ERR: 2019-08-07.17:22:08Z: lcmaps.mod-PluginInit(): plugin lcmaps_gums_client.mod not found (arguments: -resourcetype ce -actiontype execute-now -capath /etc/grid-security/certificates -cert   /etc/grid-security/hostcert.pem -key    /etc/grid-security/hostkey.pem --cert-owner root --endpoint https://yourgums.yourdomain:8443/gums/services/GUMSXACMLAuthorizationServicePort)
lcmaps[590]     LOG_ERR: 2019-08-07.17:22:08Z: lcmaps.mod-lcmaps_startPluginManager(): error initializing plugin: lcmaps_gums_client.mod
lcmaps[590]     LOG_ERR: 2019-08-07.17:22:08Z: lcmaps_init() error: could not start plugin manager
ERROR in xrootd-lcmaps config: Failed to initialize LCMAPS
190807 17:22:08 590 secgsi_LoadAuthzFun: problems executing 'XrdSecgsiAuthzInit()' (rc: -1)
190807 17:22:08 590 secgsi_Init: Secgsi: ErrError: Authz plug-in could not be loaded: libXrdLcmaps.so
Secgsi: ErrError: Authz plug-in could not be loaded: libXrdLcmaps.so
=====> sec.protocol /usr/lib64 gsi -certdir:/etc/grid-security/certificates -cert:/etc/grid-security/xrd/xrdcert.pem -key:/etc/grid-security/xrd/xrdkey.pem -crl:1 -authzfun:libXrdLcmaps.so -authzfunparms:lcmapscfg=/etc/lcmaps.db,loglevel=0,policy=authorize_only -gmapopt:10 -gmapto:0

This is despite being overwritten in the configuration lateR:

Config continuing with file /etc/xrootd/config.d/50-cms-xcache-authz.cfg ...
Plugin loaded 
190807 17:22:08 590 secgsi_InitOpts: *** ------------------------------------------------------------ ***
190807 17:22:08 590 secgsi_InitOpts:  Mode: server
190807 17:22:08 590 secgsi_InitOpts:  Debug: -1
190807 17:22:08 590 secgsi_InitOpts:  CA dir: /etc/grid-security/certificates
190807 17:22:08 590 secgsi_InitOpts:  CA verification level: 1
190807 17:22:08 590 secgsi_InitOpts:  CRL dir: ,/etc/grid-security/certificates/
190807 17:22:08 590 secgsi_InitOpts:  CRL extension: .r0
190807 17:22:08 590 secgsi_InitOpts:  CRL check level: 1
190807 17:22:08 590 secgsi_InitOpts:  CRL refresh time: 86400
190807 17:22:08 590 secgsi_InitOpts:  Certificate: /etc/grid-security/xrd/xrdcert.pem
190807 17:22:08 590 secgsi_InitOpts:  Key: /etc/grid-security/xrd/xrdkey.pem
190807 17:22:08 590 secgsi_InitOpts:  Proxy delegation option: 0
190807 17:22:08 590 secgsi_InitOpts:  GRIDmap file: /etc/grid-security/grid-mapfile
190807 17:22:08 590 secgsi_InitOpts:  GRIDmap option: 10
190807 17:22:08 590 secgsi_InitOpts:  GRIDmap cache entries expiration (secs): 0
190807 17:22:08 590 secgsi_InitOpts:  Authorization function: libXrdLcmaps.so
190807 17:22:08 590 secgsi_InitOpts:  Authorization function parms: lcmapscfg=/etc/xrootd/lcmaps.cfg,loglevel=1,no-authz
190807 17:22:08 590 secgsi_InitOpts:  Authorization cache entries expiration (secs): -1
190807 17:22:08 590 secgsi_InitOpts:  Client proxy availability in XrdSecEntity.endorsement: 0
190807 17:22:08 590 secgsi_InitOpts:  VOMS option: 1
190807 17:22:08 590 secgsi_InitOpts:  MonInfo option: 0
190807 17:22:08 590 secgsi_InitOpts:  Crypto modules: ssl
190807 17:22:08 590 secgsi_InitOpts:  Ciphers: aes-128-cbc:bf-cbc:des-ede3-cbc
190807 17:22:08 590 secgsi_InitOpts:  MDigests: sha1:md5
190807 17:22:08 590 secgsi_InitOpts:  Trusting DNS for hostname checking
190807 17:22:08 590 secgsi_InitOpts: *** ------------------------------------------------------------ ***
INFO in xrootd-lcmaps config: XrdLcmaps: Setting LCMAPS config file to /etc/xrootd/lcmaps.cfg.
INFO in xrootd-lcmaps config: XrdLcmaps: Setting LCMAPS log level to 1.
190807 17:22:08 590 secgsi_LoadAuthzFun: using 'XrdSecgsiAuthzFun()' from libXrdLcmaps.so
=====> sec.protocol /usr/lib64 gsi -certdir:/etc/grid-security/certificates -cert:/etc/grid-security/xrd/xrdcert.pem -key:/etc/grid-security/xrd/xrdkey.pem -crl:1 -authzfun:libXrdLcmaps.so -authzfunparms:lcmapscfg=/etc/xrootd/lcmaps.cfg,loglevel=1,no-authz -gmapopt:10 -gmapto:0


You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

[ { "@context": "http://schema.org", "@type": "EmailMessage", "potentialAction": { "@type": "ViewAction", "target": "https://github.com/xrootd/xrootd/issues/1039?email_source=notifications\u0026email_token=AA7NRDR56QZHVT4SOUY5MLTQEXIXZA5CNFSM4IMCKUAKYY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4HFRADBA", "url": "https://github.com/xrootd/xrootd/issues/1039?email_source=notifications\u0026email_token=AA7NRDR56QZHVT4SOUY5MLTQEXIXZA5CNFSM4IMCKUAKYY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4HFRADBA", "name": "View Issue" }, "description": "View this Issue on GitHub", "publisher": { "@type": "Organization", "name": "GitHub", "url": "https://github.com" } } ]

Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1