I am testing the xrootd 5.0-rc2 and having issues when turning TLS on.  I am using a cache -> origin architecture.

On the cache, I have no special configuration.  It is OSG's build: xrootd-server-5.0.0-0.rc2.2.osgup.el7.x86_64.  The cache has the proxy line removed, so it cannot use a proxy to force other authentication methods.

On the origin, I have the TLS lines:
```
xrd.tls /etc/grid-security/xrd/xrdcert.pem /etc/grid-security/xrd/xrdkey.pem
xrd.tlsca noverify
xrd.trace all
xrd.trace tls
xrd.protocol tls xrootd:1095 *
```

The origin also has `gsi` enabled.  Same version of xrootd as the cache.

### Cache Log
```
200501 00:14:32 13399 XrdInet: Accepted connection from 161@natnode
200501 00:14:32 13399 XrdProtLoad: matched port 8443 protocol http
200501 00:14:32 13399 anon:161@natnode XrdPoll: FD 161 attached to poller 0; num=1
200501 00:14:32 13399 XrootdBridge: unknown.1:161@natnode login as nobody
200501 00:14:32 13399 unknown.1:161@natnode ofs_stat:  fn=/hcc/PROTECTED/dweitzel-test/blah2.txt
[2020-05-01 00:14:33.148553 +0000][Error  ][XRootDTransport   ] [p0@origin:1095.0] No protocols left to try
[2020-05-01 00:14:33.148609 +0000][Error  ][AsyncSock         ] [p0@origin:1095.0] Socket error while handshaking: [FATAL] Auth failed
[2020-05-01 00:14:33.148660 +0000][Error  ][PostMaster        ] [p0@origin:1095] elapsed = 0, pConnectionWindow = 120 seconds.
[2020-05-01 00:14:33.148682 +0000][Error  ][PostMaster        ] [p0@origin:1095] Unable to recover: [FATAL] Auth failed.
[2020-05-01 00:14:33.148689 +0000][Error  ][XRootD            ] [p0@origin:1095] Impossible to send message kXR_stat (path: /hcc/PROTECTED/dweitzel-test/blah2.txt?authz=Bearer%20biglongbearertoken&oss.lcl=1&pss.tid=http, flags: none). Trying to recover.
200501 00:14:33 13399 ofs_stat: unknown.1:161@natnode Unable to locate /hcc/PROTECTED/dweitzel-test/blah2.txt; permission denied
200501 00:14:33 13399 unknown.1:161@natnode XrootdResponse: sending err 3010: Unable to locate /hcc/PROTECTED/dweitzel-test/blah2.txt; permission denied
200501 00:14:33 13399 unknown.1:161@natnode ofs_open: 0-600 fn=/hcc/PROTECTED/dweitzel-test/blah2.txt
[2020-05-01 00:14:33.174253 +0000][Error  ][XRootDTransport   ] [origin:1095.0] No protocols left to try
[2020-05-01 00:14:33.174280 +0000][Error  ][AsyncSock         ] origin:1095.0] Socket error while handshaking: [FATAL] Auth failed
[2020-05-01 00:14:33.174323 +0000][Error  ][PostMaster        ] [origin:1095] elapsed = 0, pConnectionWindow = 120 seconds.
[2020-05-01 00:14:33.174334 +0000][Error  ][PostMaster        ] [origin:1095] Unable to recover: [FATAL] Auth failed.
[2020-05-01 00:14:33.174339 +0000][Error  ][XRootD            ] [origin:1095] Impossible to send message kXR_open (file: /hcc/PROTECTED/dweitzel-test/blah2.txt?authz=Bearer%20biglongbearertoken&oss.lcl=1&pss.tid=http, mode: 00, flags: kXR_open_read kXR_async kXR_retstat ). Trying to recover.
200501 00:14:33 13399 Posix_Open: [FATAL] Auth failed open root://origin:1095//hcc/PROTECTED/dweitzel-test/blah2.txt?authz=Bearer%20biglongbearertoken&pss.tid=http&oss.lcl=1
200501 00:14:33 13399 ofs_open: unknown.1:161@natnode Unable to open /hcc/PROTECTED/dweitzel-test/blah2.txt; permission denied
200501 00:14:33 13399 unknown.1:161@natnode XrootdResponse: sending err 3010: Unable to open /hcc/PROTECTED/dweitzel-test/blah2.txt; permission denied
200501 00:14:33 13399 unknown.1:161@natnode ofs_close: use=0 fn=dummy
200501 00:14:33 13399 XrootdXeq: unknown.1:161@natnode disc 0:00:01 (send failure)
200501 00:14:33 13399 unknown.1:161@natnode XrdPoll: FD 161 detached from poller 0; num=0
```

### Origin Log
```
200501 00:14:33 20363 XrdInet: Accepted connection from 141@cachenode
200501 00:14:33 20363 XrdProtLoad: matched port 1095 protocol xroot
200501 00:14:33 20363 anon:141@cachenode XrdPoll: FD 141 attached to poller 0; num=1
200501 00:14:33 20363 XrootdXeq: p0.13393:141@cachenode disc 0:00:00
200501 00:14:33 20363 p0.13393:141@cachenode XrdPoll: FD 141 detached from poller 0; num=0
200501 00:14:33 20364 XrdInet: Accepted connection from 143@cachenode
200501 00:14:33 20993 XrdSched: running main accept inq=0
200501 00:14:33 20364 XrdProtLoad: matched port 1095 protocol xroot
200501 00:14:33 20364 anon:143@cachenode XrdPoll: FD 143 attached to poller 0; num=1
200501 00:14:33 20364 XrootdXeq: xrootd.13393:143@cachenode disc 0:00:00
200501 00:14:33 20364 xrootd.13393:143@cachenode XrdPoll: FD 143 detached from poller 0; num=0
```

I'm not sure if the TLS is conflicting with gsi?  What further debugging information would be useful?

https://github.com/xrootd/xrootd/issues/1188
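
An added triage example (not part of the original report and not XRootD project code): it pairs the cache's XrdCl handshake errors with origin sessions that closed at `0:00:00` in the same second, using lines excerpted from the logs above. It assumes both hosts log on the same clock; the function names are hypothetical.

```python
import re

# XrdCl client line: [date time +zone][Level][Topic] [user@host:port.stream] message
CLIENT_RE = re.compile(
    r"^\[\d{4}-\d\d-\d\d (?P<sec>\d\d:\d\d:\d\d)\.\d+ [+-]\d{4}\]"
    r"\[(?P<level>\w+)\s*\]\[(?P<topic>\w+)\s*\]\s+"
    r"\[?(?:\w+@)?(?P<endpoint>[\w.-]+:\d+)(?:\.\d+)?\]\s+(?P<msg>.*)$")
# Server line: yymmdd hh:mm:ss tid XrootdXeq: user.pid:fd@host disc h:mm:ss
DISC_RE = re.compile(
    r"^\d{6} (?P<sec>\d\d:\d\d:\d\d) \d+ XrootdXeq: (?P<who>\S+) disc (?P<dur>\d+:\d\d:\d\d)")

# Lines excerpted from the cache and origin logs in the report above.
CACHE_LOG = """
[2020-05-01 00:14:33.148553 +0000][Error  ][XRootDTransport   ] [p0@origin:1095.0] No protocols left to try
[2020-05-01 00:14:33.148609 +0000][Error  ][AsyncSock         ] [p0@origin:1095.0] Socket error while handshaking: [FATAL] Auth failed
[2020-05-01 00:14:33.174280 +0000][Error  ][AsyncSock         ] origin:1095.0] Socket error while handshaking: [FATAL] Auth failed
200501 00:14:33 13399 XrootdXeq: unknown.1:161@natnode disc 0:00:01 (send failure)
"""
ORIGIN_LOG = """
200501 00:14:33 20363 XrdProtLoad: matched port 1095 protocol xroot
200501 00:14:33 20363 XrootdXeq: p0.13393:141@cachenode disc 0:00:00
200501 00:14:33 20364 XrootdXeq: xrootd.13393:143@cachenode disc 0:00:00
"""

def handshake_failures(client_log):
    """Return [(second, endpoint, reason)] for failed handshakes in an XrdCl log."""
    out = []
    for line in client_log.splitlines():
        m = CLIENT_RE.match(line.strip())
        if m and m["level"] == "Error" and "while handshaking" in m["msg"]:
            out.append((m["sec"], m["endpoint"], m["msg"].partition(":")[2].strip()))
    return out

def dropped_sessions(server_log):
    """Return [(second, session)] for sessions the server closed after 0:00:00."""
    hits = (DISC_RE.match(line.strip()) for line in server_log.splitlines())
    return [(m["sec"], m["who"]) for m in hits if m and m["dur"] == "0:00:00"]

def correlate(client_log, server_log):
    """Attach to each client handshake failure the server sessions dropped that second."""
    drops = dropped_sessions(server_log)
    return [(sec, ep, reason, [who for s, who in drops if s == sec])
            for sec, ep, reason in handshake_failures(client_log)]

if __name__ == "__main__":
    for sec, ep, reason, sessions in correlate(CACHE_LOG, ORIGIN_LOG):
        print(f"{sec} {ep}: {reason}; origin dropped {sessions or 'nothing'}")
```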
