Good Morning
Facing an issue when using xrdcp in conjunction with GSI security.
Setup:
Server : Runs xrootd process and has access rights to a backend CEPH cluster
Client : Used to generate proxy certificate (voms-proxy-init), and run the xrdcp
Both server and client have the /etc/vomses and /etc/grid-security/certificates folder setup for the VO's.
Step 1) Server: xrootd process on the host is configured for GSI security
xrootd.seclib /usr/lib64/libXrdSec.so
sec.protparm gsi -vomsfun:libXrdVoms.so -vomsfunparms:certfmt=pem|grpopt=useall|dbg
sec.protocol gsi -dlgpxy:request -exppxy:=creds -crl:require -certdir:<dir location> -cert:<host cert location> -key:<host key location> -gridmap:<gridmap file location> -gmapopt:trymap -d:3
sec.protbind * only gsi
Step 2) Client: voms-proxy-init --voms <vo name> is used to generate a VOMS proxy and certificate is generated successfully after contacting VO
bash-4.2$ voms-proxy-init --voms dteam
Enter GRID pass phrase for this identity:
Contacting voms2.hellasgrid.gr:15004 [/C=GR/O=HellasGrid/OU=hellasgrid.gr/CN=voms2.hellasgrid.gr] "dteam"...
Remote VOMS server contacted succesfully.
Created proxy in /tmp/<filename>.
Your proxy is valid until Mon Oct 03 23:37:37 BST 2022
Step 3) Client: xrdcp is used to copy a file from the client to the server to write to the dteam VO
xrdcp testfile.txt root://<server>/dteam:test/testfile.txt -v --force
Step 4) Step 3 fails as follows
XrdVomsFun: retrieval FAILED: Cannot verify AC signature!
secgsi_Authenticate: VOMS: Entity.vorg: <none>
secgsi_Authenticate: VOMS: Entity.grps: <none>
secgsi_Authenticate: VOMS: Entity.role: <none>
secgsi_Authenticate: VOMS: Entity.endorsements: <none>
Any inputs would be much appreciated. If you need more information, pls let me know
Thanks
Vijay
This email and any attachments are intended solely for the use of the named recipients. If you are not the intended recipient you must not use, disclose, copy or distribute this email or any of its attachments and should notify the sender immediately and delete this email from your system. UK Research and Innovation (UKRI) has taken every reasonable precaution to minimise risk of this email or any attachments containing viruses or malware but the recipient should carry out its own virus and malware checks before opening the attachments. UKRI does not accept any liability for any losses or damages which the recipient may sustain due to presence of any viruses.
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-L list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-L list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1