OK, I think I got the traces right this time. Apologies for the delay. Below are two configs and two traces. 

First, here is the proxy config:

```
all.export /
ofs.osslib libXrdPss.so
ofs.ckslib * libXrdPss.so
pss.origin sciwork1802.jlab.org:1094
pss.persona client
http.header2cgi Authorization authz
xrd.tls /etc/grid-security/xrd/hostcert.pem /etc/grid-security/xrd/hostkey.pem
xrd.tlsca certdir /etc/grid-security/certificates
xrootd.seclib default
ofs.authorize
acc.authdb /etc/xrootd/Authfile
acc.authrefresh 60
ofs.authlib ++ libXrdAccSciTokens.so
sec.protocol ztn
sec.protbind *jlab.org ztn
sec.protocol ztn
sec.protocol sss -k -s /etc/xrootd/proxy.keytab -c /etc/xrootd/proxy.keytab --getcreds --proxy ztn
sec.protbind dtn*jlab.org sss
sec.protbind xrdmgr*jlab.org sss
all.adminpath /var/spool/xrootd
all.pidpath /var/run/xrootd
sec.trace debug
ofs.trace -all
xrootd.trace all
scitokens.trace all debug
ztn.trace all debug
auth.trace all debug
```


Next, the origin config:
```
all.export /gluex
oss.localroot /export/test-xrootd
xrd.port 1094
all.role server
xrootd.seclib default
xrd.tls /etc/grid-security/xrd/hostcert.pem /etc/grid-security/xrd/hostkey.pem
xrd.tlsca certdir /etc/grid-security/certificates
ofs.osslib ++ libXrdMultiuser.so
ofs.ckslib ++ libXrdMultiuser.so
xrootd.trace all
auth.trace all debug
scitokens.trace all
#all.manager xrdmgr1 3121
sec.protocol ztn
sec.protocol sss -k -s /etc/xrootd/proxy.keytab -c /etc/xrootd/proxy.keytab --getcreds --proxy ztn
sec.protbind dtn*jlab.org sss
sec.protbind xrdmgr*jlab.org sss
all.adminpath /var/spool/xrootd
all.pidpath /var/run/xrootd
```

Here's the trace on the proxy:
```
------ xrootd [log in to unmask]:1094 initialization completed.
221212 08:42:22 29319 anon.0:22@dtn2201 Xrootd_Protocol: 0000 req=protocol dlen=0
221212 08:42:22 29319 anon.0:22@dtn2201 Xrootd_Response: 0000 sending 8 data bytes; status=0
221212 08:42:22 29319 XrdLinkXeq: anon.0:22@dtn2201 connection upgraded to TLSv1.2
221212 08:42:22 29319 anon.0:22@dtn2201 Xrootd_Protocol: 0000 req=login dlen=92
221212 08:42:22 29319 p0.3575346:22@dtn2201 Xrootd_Response: 0000 sending 54 data bytes; status=0
221212 08:42:22 29319 p0.3575346:22@dtn2201 Xrootd_Protocol: 0000 req=auth dlen=218
221212 08:42:22 29319 p0.3575346:22@dtn2201 Xrootd_Response: 0000 sending OK
p0.3575346:22@dtn2201 Protocol 'sss'
p0.3575346:22@dtn2201 Name 'xrootd'
p0.3575346:22@dtn2201 Host 'dtn2201.jlab.org'
p0.3575346:22@dtn2201 Vorg ''
p0.3575346:22@dtn2201 Role ''
p0.3575346:22@dtn2201 Grps ''
p0.3575346:22@dtn2201 Caps ''
p0.3575346:22@dtn2201 Pidn 'p0.3575346:22@dtn2201'
p0.3575346:22@dtn2201 Crlen 0
p0.3575346:22@dtn2201 ueid  1
p0.3575346:22@dtn2201 uid   985
p0.3575346:22@dtn2201 gid   933
221212 08:42:22 29319 XrootdXeq: p0.3575346:22@dtn2201 pub IP46 TLSv1.2 login as xrootd
221212 08:42:22 29319 multiuser_UserSentry: Switching FS uid for user xrootd
221212 08:42:22 29319 p0.3575346:22@dtn2201 Xrootd_Protocol: 0000 req=endsess dlen=0
221212 08:42:22 29319 p0.3575346:22@dtn2201 Xrootd_Protocol: 0000 endsess 24999:23.8
221212 08:42:22 29319 p0.3575346:22@dtn2201 Xrootd_Response: 0000 sending OK
221212 08:42:22 29319 p0.3575346:22@dtn2201 Xrootd_Protocol: 0100 req=stat dlen=10
221212 08:42:22 29319 multiuser_UserSentry: Switching FS uid for user xrootd
221212 08:42:22 29319 p0.3575346:22@dtn2201 Xrootd_Protocol: 0100 rc=0 stat /gluex/fff
221212 08:42:22 29319 p0.3575346:22@dtn2201 Xrootd_Response: 0100 sending 83 data bytes
221212 08:42:22 29318 anon.0:23@dtn2201 Xrootd_Protocol: 0000 req=protocol dlen=0
221212 08:42:22 29318 anon.0:23@dtn2201 Xrootd_Response: 0000 sending 8 data bytes; status=0
221212 08:42:22 29318 XrdLinkXeq: anon.0:23@dtn2201 connection upgraded to TLSv1.2
221212 08:42:22 29318 anon.0:23@dtn2201 Xrootd_Protocol: 0000 req=login dlen=92
221212 08:42:22 29318 U2.3575346:23@dtn2201 Xrootd_Response: 0000 sending 54 data bytes; status=0
221212 08:42:22 29318 U2.3575346:23@dtn2201 Xrootd_Protocol: 0000 req=auth dlen=1260
221212 08:42:22 29318 U2.3575346:23@dtn2201 Xrootd_Response: 0000 sending OK
U2.3575346:23@dtn2201 Protocol 'ztn'
U2.3575346:23@dtn2201 Name 'http://cilogon.org/serverA/users/6772316'
U2.3575346:23@dtn2201 Host 'dtn2201.jlab.org'
U2.3575346:23@dtn2201 Vorg ''
U2.3575346:23@dtn2201 Role ''
U2.3575346:23@dtn2201 Grps ''
U2.3575346:23@dtn2201 Caps ''
221212 08:42:22 3575352 scitokens_Reconfig: Parsing configuration file: /etc/xrootd/scitokens.cfg
221212 08:42:22 3575352 scitokens_Reconfig: Configuring issuer https://cilogon.org/jlab
221212 08:42:22 3575352 scitokens_Reconfig: Successfully parsed SciTokens mapfile: /etc/xrootd/scitokens-map.json
221212 08:42:22 3575352 scitokens_Access: Token not found in recent cache; parsing.
221212 08:42:22 3575352 scitokens_Access: New valid token mapped_username=xrootd, subject=http://cilogon.org/serverA/users/6772316, issuer=https://cilogon.org/jlab, authorizations=/gluex:read,dir,stat,create,mkdir,mv,insert,update,chmod,del
221212 08:42:22 3575352 scitokens_Access: Grant authorization based on scopes for operation=stat, path=/gluex/fff
221212 08:42:22 3575352 scitokens_Access: Request username bhess
221212 08:42:22 3575352 bhess.154395:34@ifarm1802 Xrootd_Protocol: 0100 rc=0 stat /gluex/fff
221212 08:42:22 3575352 bhess.154395:34@ifarm1802 Xrootd_Response: 0100 sending 71 data bytes
221212 08:42:22 3575352 bhess.154395:34@ifarm1802 Xrootd_Protocol: 0100 req=open dlen=23
221212 08:42:22 3575352 bhess.154395:34@ifarm1802 Xrootd_Protocol: 0100 open udmat /gluex/fff?oss.asize=12
221212 08:42:22 3575352 scitokens_Access: Trying token-based access control
221212 08:42:22 3575352 scitokens_Access: Cached token mapped_username=xrootd, subject=http://cilogon.org/serverA/users/6772316, issuer=https://cilogon.org/jlab, authorizations=/gluex:read,dir,stat,create,mkdir,mv,insert,update,chmod,del
221212 08:42:22 3575352 scitokens_Access: Grant authorization based on scopes for operation=create, path=/gluex/fff
221212 08:42:22 3575352 scitokens_Access: Request username bhess
221212 08:42:22 3575352 ofs_open: bhess.154395:34@ifarm1802 Unable to open /gluex/fff; permission denied
221212 08:42:22 3575352 bhess.154395:34@ifarm1802 Xrootd_Response: 0100 sending err 3010: Unable to open /gluex/fff; permission denied
221212 08:42:22 3575352 XrootdXeq: bhess.154395:34@ifarm1802 disc 0:00:00
```


Here's the auth trace on the origin:
```
------ xroot protocol initialization completed.
------ xrootd [log in to unmask]:1094 initialization completed.
221212 08:42:22 29319 anon.0:22@dtn2201 Xrootd_Protocol: 0000 req=protocol dlen=0
221212 08:42:22 29319 anon.0:22@dtn2201 Xrootd_Response: 0000 sending 8 data bytes; status=0
221212 08:42:22 29319 XrdLinkXeq: anon.0:22@dtn2201 connection upgraded to TLSv1.2
221212 08:42:22 29319 anon.0:22@dtn2201 Xrootd_Protocol: 0000 req=login dlen=92
221212 08:42:22 29319 p0.3575346:22@dtn2201 Xrootd_Response: 0000 sending 54 data bytes; status=0
221212 08:42:22 29319 p0.3575346:22@dtn2201 Xrootd_Protocol: 0000 req=auth dlen=218
221212 08:42:22 29319 p0.3575346:22@dtn2201 Xrootd_Response: 0000 sending OK
p0.3575346:22@dtn2201 Protocol 'sss'
p0.3575346:22@dtn2201 Name 'xrootd'
p0.3575346:22@dtn2201 Host 'dtn2201.jlab.org'
p0.3575346:22@dtn2201 Vorg ''
p0.3575346:22@dtn2201 Role ''
p0.3575346:22@dtn2201 Grps ''
p0.3575346:22@dtn2201 Caps ''
p0.3575346:22@dtn2201 Pidn 'p0.3575346:22@dtn2201'
p0.3575346:22@dtn2201 Crlen 0
p0.3575346:22@dtn2201 ueid  1
p0.3575346:22@dtn2201 uid   985
p0.3575346:22@dtn2201 gid   933
221212 08:42:22 29319 XrootdXeq: p0.3575346:22@dtn2201 pub IP46 TLSv1.2 login as xrootd
221212 08:42:22 29319 multiuser_UserSentry: Switching FS uid for user xrootd
221212 08:42:22 29319 p0.3575346:22@dtn2201 Xrootd_Protocol: 0000 req=endsess dlen=0
221212 08:42:22 29319 p0.3575346:22@dtn2201 Xrootd_Protocol: 0000 endsess 24999:23.8
221212 08:42:22 29319 p0.3575346:22@dtn2201 Xrootd_Response: 0000 sending OK
221212 08:42:22 29319 p0.3575346:22@dtn2201 Xrootd_Protocol: 0100 req=stat dlen=10
221212 08:42:22 29319 multiuser_UserSentry: Switching FS uid for user xrootd
221212 08:42:22 29319 p0.3575346:22@dtn2201 Xrootd_Protocol: 0100 rc=0 stat /gluex/fff
221212 08:42:22 29319 p0.3575346:22@dtn2201 Xrootd_Response: 0100 sending 83 data bytes
221212 08:42:22 29318 anon.0:23@dtn2201 Xrootd_Protocol: 0000 req=protocol dlen=0
221212 08:42:22 29318 anon.0:23@dtn2201 Xrootd_Response: 0000 sending 8 data bytes; status=0
221212 08:42:22 29318 XrdLinkXeq: anon.0:23@dtn2201 connection upgraded to TLSv1.2
221212 08:42:22 29318 anon.0:23@dtn2201 Xrootd_Protocol: 0000 req=login dlen=92
221212 08:42:22 29318 U2.3575346:23@dtn2201 Xrootd_Response: 0000 sending 54 data bytes; status=0
221212 08:42:22 29318 U2.3575346:23@dtn2201 Xrootd_Protocol: 0000 req=auth dlen=1260
221212 08:42:22 29318 U2.3575346:23@dtn2201 Xrootd_Response: 0000 sending OK
U2.3575346:23@dtn2201 Protocol 'ztn'
U2.3575346:23@dtn2201 Name 'http://cilogon.org/serverA/users/6772316'
U2.3575346:23@dtn2201 Host 'dtn2201.jlab.org'
U2.3575346:23@dtn2201 Vorg ''
U2.3575346:23@dtn2201 Role ''
U2.3575346:23@dtn2201 Grps ''
U2.3575346:23@dtn2201 Caps ''
U2.3575346:23@dtn2201 Pidn 'bhess.154395:34@ifarm1802'
U2.3575346:23@dtn2201 Crlen 986
U2.3575346:23@dtn2201 ueid  2
U2.3575346:23@dtn2201 uid   0
U2.3575346:23@dtn2201 gid   0
U2.3575346:23@dtn2201Attr  xrd.appname = 'xrdcp'
U2.3575346:23@dtn2201Attr   = ''
221212 08:42:22 29318 XrootdXeq: U2.3575346:23@dtn2201 pub IP46 TLSv1.2 login as http://cilogon.org/serverA/users/6772316 via ztn auth for bhess.154395:34@ifarm1802
221212 08:42:22 29318 multiuser_UserSentry: XRootD mapped request to username that does not exist: http://cilogon.org/serverA/users/6772316
221212 08:42:22 29318 U2.3575346:23@dtn2201 Xrootd_Protocol: 0100 req=open dlen=23
221212 08:42:22 29318 U2.3575346:23@dtn2201 Xrootd_Protocol: 0100 open udmt /gluex/fff?oss.asize=12
221212 08:42:22 29318 multiuser_UserSentry: XRootD mapped request to username that does not exist: http://cilogon.org/serverA/users/6772316
221212 08:42:22 29318 ofs_open: U2.3575346:23@dtn2201 Unable to create /gluex/fff; permission denied
221212 08:42:22 29318 U2.3575346:23@dtn2201 Xrootd_Response: 0100 sending err 3010: Unable to create /gluex/fff; permission denied
221212 08:42:22 29318 XrdTLS: U2.3575346:23@dtn2201 TLS error rc=0 ec=6 (zero_return) errno=0.
221212 08:42:22 29318 XrootdXeq: U2.3575346:23@dtn2201 disc 0:00:00
221212 08:42:22 29318 multiuser_UserSentry: XRootD mapped request to username that does not exist: http://cilogon.org/serverA/users/6772316
221212 08:42:25 29319 p0.3575346:22@dtn2201 Xrootd_Protocol: 0100 request timeout; read 0 of 24 bytes
```



-- 
Reply to this email directly or view it on GitHub:
https://github.com/xrootd/xrootd/issues/1851#issuecomment-1346546187