Hi! I just observed on my servers (4.12.3) that http is no longer working (it seems that at one moment it was working)
meaning that ALICE authz envelope is not decoded
at this moment when trying with curl i get:
* Trying 85.120.46.25:1094...
* TCP_NODELAY set
* Connected to storage05.spacescience.ro (85.120.46.25) port 1094 (#0)
> GET //home/aliprod/data/04/53413/5db44470-1dc5-11eb-a2c0-08f1eaf0250c?authz=-----BEGIN+SEALED+CIPHER-----long_auth_envelope-----END+SEALED+ENVELOPE-----%0A HTTP/1.1
> Host: storage05.spacescience.ro:1094
> User-Agent: curl/7.66.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
< Connection: Close
Connection: Close
< Content-Length: 99
Content-Length: 99
<
Unable to open /home/aliprod/data/04/53413/5db44470-1dc5-11eb-a2c0-08f1eaf0250c; permission denied
and in logs i see:
201103 17:01:34 1572 XrootdBridge: unknown.9:129@[::46.243.114.230] login as nobody
XrdAggregatingN2N processing. buff='/home/aliprod/data/04/53413/5db44470-1dc5-11eb-a2c0-08f1eaf0250c'
Error: nothing could be decrypted
201103 17:01:35 1572 XrdAliceTokenAcc::Access: Unable to read provided authz for /home/aliprod/data/04/53413/5db44470-1dc5-11eb-a2c0-08f1eaf0250c; permission denied
201103 17:01:35 1572 ofs_open: unknown.9:129@[::46.243.114.230] Unable to open /home/aliprod/data/04/53413/5db44470-1dc5-11eb-a2c0-08f1eaf0250c; permission denied
201103 17:01:35 1572 XrootdXeq: unknown.9:129@[::46.243.114.230] disc 0:00:01 (send failure)
e metafile that have a working xrootd path can be found here:
https://cernbox.cern.ch/index.php/s/V21naWT790be6p8
the same envelope is working with our EOS where the xrootd is 4.11.3
the server settings for http are
if exec xrootd
xrd.protocol http /usr/lib64/libXrdHttp.so
http.exthandler xrdtpc /usr/lib64/libXrdHttpTPC.so
http.header2cgi Authorization authz
http.header2cgi authz authz
http.listingdeny yes
http.trace all
fi
and with trace all on the server i see:
sec_PM: Using unix protocol, args=''
--
201103 20:38:39 26982 sysXrdHttp: rc:38 got hdr line: Host: storage05.spacescience.ro:1094
201103 20:38:39 26982 sysXrdHttp: rc:25 got hdr line: User-Agent: curl/7.66.0
201103 20:38:39 26982 sysXrdHttp: rc:13 got hdr line: Accept: */*
201103 20:38:39 26982 sysXrdHttp: rc:2 got hdr line:
201103 20:38:39 26982 sysXrdHttp: rc:2 detected header end.
201103 20:38:39 26982 XrootdBridge: unknown.3:98@[::46.243.114.230] login as nobody
i cannot test 5.x as i did not re-packaged the ALICE xrootd plugins for xrootd5
Did anything changed between 4.11.3 and 4.12.3 in regard of conversion of authz envelopes?
Thank you!
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1