LISTSERV 16.5 - XROOTD-L Archives

On 2/28/20 1:11 PM, Michal Kamil Simon wrote:
> Hi Adrian,
Hi!

> It's a feature not a bug ;-)
:))

> Now more seriously, if you detach your script from the terminal,
> it wont be prompted to give a password in order to create a
> new proxy cert (it will rather simply fail).
> 
> To summarize, we check if stdin/stdout are attach to a terminal:
> https://github.com/xrootd/xrootd/blob/master/src/XrdSecgsi/XrdSecProtocolgsi.cc#L4793-L4796
> and only then we try to generate the proxy cert if it's absent,
> otherwise the client simply fails to authenticate.
ok, got it, but the main problem is that such a request is made!
why would an xrdfs query request a proxy cert?

I would like to deny any kind of proxy cert requests and throw an error 
because i would say that if the server request a proxy cert than from 
the perspective of ALICE usage, the server is mis-configured... so, i 
would like to find out why this is requested and how to eliminate the 
need of proxy cert.

Thanks a lot!!
Adrian


> 
> Hope that helps.
> 
> Cheers,
> Michal
> ________________________________________
> From: [log in to unmask] [[log in to unmask]] on behalf 
> of Adrian Sevcenco [[log in to unmask]]
> Sent: 28 February 2020 10:54
> To: [log in to unmask]
> Subject: xrdfs :: request for x509 proxy???
> 
> Hi! While doing an stat with xrdfs i encountered this :
> 
> 200228 10:55:42 1030664 cryptossl_X509CreateProxy: Your identity:
> /DC=RO/DC=RomanianGRID/O=ISS/CN=Adrian SEVCENCO
> Enter PEM pass phrase:
> 
> Why would the xrdfs ask to create proxy?
> Also, this happened when doing cp operation within python ..
> 
> While on the issue of required or not i cannot say anything, the fact
> that i get a dialogue instead of a direct failure is a huge bug!!!
> It breaks any script that do automatic tasks or a sequence of tasks
> 
> Thanks!
> Adrian
> 
> 
> 
> ########################################################################
> Use REPLY-ALL to reply to list
> 
> To unsubscribe from the XROOTD-L list, click the following link:
> https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1


-- 
----------------------------------------------
Adrian Sevcenco, Ph.D.                       |
Institute of Space Science - ISS, Romania    |
adrian.sevcenco at {cern.ch,spacescience.ro} |
----------------------------------------------


########################################################################
Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-L list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1