[gt-user] Re: ***SPAM*** Problem in using LCAS-LCMAPS with Globus and VOMS

Mon, 29 Sep 2008 05:03:36 -0700 

Hi Oscar,
    Correct me if I am wrong : VOMS credential is supported for accessing
pre-WS globus services like Globus gate-keeper and Globus gridFTP(Not
only the glite versions) via the lcas-lcmaps-gt4-interface?
If yes, then the following should work.
    I have taken the binary from the link :
http://eticssoft.web.cern.ch/eticssoft/repository/org.glite/org.glite.security.lcas-lcmaps-gt4-interface/0.0.14
The bug #35981 is fixed in this?

And I am using Globus gridftp in GT4.0.7
On calling globus-url-copy, getting error :
---------------------------------------------------
debug: starting to get gsiftp://192.168.61.197/home/globususer/tot
debug: connecting to gsiftp://192.168.61.197/home/globususer/tot
debug: response from gsiftp://192.168.61.197/home/globususer/tot:
220 192.168.61.197 GridFTP Server 2.7 (gcc32dbg, 1204845443-63) [Globus
Toolkit 4.0.7] ready.

debug: authenticating with gsiftp://192.168.61.197/home/globususer/tot
debug: fault on connection to
gsiftp://192.168.61.197/home/globususer/tot: an end-of-file was reached
debug: data callback, error an end-of-file was reached, buffer
0xb7deb008, length 0, offset=0, eof=true
debug: operation complete
error: an end-of-file was reached
globus_xio: An end of file occurred.
--------------------------------------------
The file gets created with 0 bytes.
Attaching the configuration files.

Kindly advise.

Also, how do I enable logging in LCAS-LCMAPS, so that I can trace the
entire flow?


Thanks & Regards,
Vipul Borikar
CDAC,Banglore






> Hello Vipul,
>
> Please look for the newer version of the gt4 interface which has the
> names fixed (and a bug fixed): glite-security-lcas-lcmaps-gt4-interface
>
> And I'd update the LCAS and LCMAPS installation to the glite versions:
> http://linuxsoft.cern.ch/EGEE/gLite/R3.1/generic/sl4/i386/RPMS.release/
>
> Also in the glite-security-lcas-lcmaps-gt4-interface package, there
> should be a small script that loads the lcas-lcmaps-gt4-interface and
> redirects it to the LCAS and LCMAPS frameworks for the AuthZ and
> identity mapping functionality.
>
> These edg-* tools are very old.
>
> The LCAS framework now has the configuration to allow
> "/VO=trial/GROUP=trial/*" globus
>
> This should be changed to the new format for VOMS FQANs
> "/trial" globus
> "/trial/*" globus
>
> Here is more info on the configuration:
> https://savannah.cern.ch/patch/?1830
>
> The lcmaps configuration on that page is not for a GridFTP, but the
> version of the RPMS that are used now in the EGEE systems is stated here.
>
>
> When I look at the lcas-vomsfile you send, then I guess this to be your
> grid-mapfile for testing. As the 'globus' account is a non-pool account,
> its a local account. If you wish to do the identity (to Unix account)
> mapping based on the VOMS FQANs, then you should use the
> voms_localaccount plugin and the posix_enf plugin.
>
>
> Example lcmaps.db:
> BOF
> path = /opt/glite/lib/modules
>
>
> vomslocalaccount = "lcmaps_voms_localaccount.mod"
> " -gridmapfile /etic/grid-security/gridmapfile"
>
> posix_enf = "lcmaps_posix_enf.mod"
>
>
> # policies
> vomsevalpolicy:
> vomslocalaccount -> posix_enf
> EOF
>
>
> cheers,
>
>       Oscar
>
>
>
> Vipul Borikar wrote:
>> Hello all,
>>     I am trying to access pre-WS components of Globus like gridFTP
>> through VOMS credential.
>> For this, I have installed the following :
>> #GT4.0.7
>> #VOMS server 1.8 and used it to generate VOMS certificates.
>> #LCAS, LCMAPS binary RPM for Red hat is taken from the link
>> http://grid-deployment.web.cern.ch/grid-deployment/download/RpmDir/WP4/
>> The components installed are :
>> # edg-lcas_gcc3_2_2-voms_plugins-1.1.22-1
>> # edg-lcas_gcc3_2_2-1.1.22-1
>> # edg-lcmaps_gcc3_2_2-0.0.30-1
>> # edg-lcmaps_gcc3_2_2-voms_plugins-0.0.30-1
>> # edg-lcmaps_gcc3_2_2-basic_plugins-0.0.30
>> # org.glite.security.lcas-lcmaps-gt4-interface libraries from eticsoft
>>
>>
>> Then I generate VOMS credential through voms-proxy-init in the standard
>> location.
>> Then when I give the command
>>
>> globus-url-copy -dbg gsiftp://192.168.61.197/home/globususer/tot
>> file:///home/globususer/wall/tot1
>>
>> I get the error :
>> debug: starting to get gsiftp://192.168.61.197/home/globususer/tot
>> debug: connecting to gsiftp://192.168.61.197/home/globususer/tot
>> debug: response from gsiftp://192.168.61.197/home/globususer/tot:
>> 220 192.168.61.197 GridFTP Server 2.7 (gcc32dbg, 1204845443-63) [Globus
>> Toolkit 4.0.7] ready.
>>
>> debug: authenticating with gsiftp://192.168.61.197/home/globususer/tot
>> debug: fault on connection to
>> gsiftp://192.168.61.197/home/globususer/tot: an end-of-file was reached
>> debug: data callback, error an end-of-file was reached, buffer
>> 0xb7deb008, length 0, offset=0, eof=true
>> debug: operation complete
>>
>> error: an end-of-file was reached
>> globus_xio: An end of file occurred.
>>
>> The file gets created with 0 bytes.
>> Has anyone tried this?
>> Attaching the file lcas_voms.mapfile and the voms-proxy-info
>>
>> Thanks & Regards,
>> Vipul Borikar
>> CDAC Banglore,India
>>
>>
>
>

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


globus_mapping /opt/glite/lib/liblcas_lcmaps_gt4_mapping_gcc32.so lcmaps_callout
# For the wilma VO:
#"/VO=wilma/GROUP=*" .wilma

# For the fred VO:
#"/VO=fred/GROUP=*" .fred

# For the iteam VO:
#"/VO=iteam/GROUP=iteam*" .iteam

# For the wpsix VO:
#"/VO=iteam/GROUP=wpsix*" .wpsix

"/VO=trial/GROUP=trial/*" globus

# LCMAPS policy file/plugin definition
#
# default path
path =/opt/glite/lib/lcmaps/lib/modules

# Plugin definitions:

vomslocalaccount = 
"/opt/glite/lib/lcmaps_plugin_voms/lib/modules/lcmaps_voms_localaccount.mod"
                   "-gridmap /opt/edg/etc/lcmaps/vomapfile.in"



posix_enf        = 
"/opt/glite/lib/lcmaps_plugin_basic/lib/modules/lcmaps_posix_enf.mod"
                   "-maxuid 1"
                   "-maxpgid 1"
                   "-maxsgid 32"
#vomsextract      = "lcmaps_voms.mod"
#                       "-vomsdir /etc/grid-security/vomsdir"
#                       "-certdir /etc/grid-security/certificates"
#vomslocalgroup   = "lcmaps_voms_localgroup.mod"
#                       "-groupmapfile /etc/grid-security/groupmapfile"
#                       "-mapmin 0"
#vomspoolaccount  = "lcmaps_voms_poolaccount.mod"
#                       "-gridmapfile /etc/grid-security/grid-mapfile"
#                       "-gridmapdir /etc/grid-security/gridmapdir"
#                       " -override_inconsistency"



# Policies:
#voms:
#vomsextract -> vomslocalgroup
#vomslocalgroup -> vomspoolaccount

#standaard:
#localaccount -> posix_enf | poolaccount
#poolaccount -> posix_enf

vomsevalpolicy:
vomslocalaccount -> posix_enf
EOF
# LCAS database/plugin list
#
# Format of each line:
# pluginname="<name/path of plugin>", pluginargs="<arguments>"
#
#
#pluginname="lcas_userallow.mod",pluginargs="allowed_users.db"
#pluginname="lcas_userban.mod",pluginargs="ban_users.db"
#pluginname="lcas_timeslots.mod",pluginargs="timeslots.db"
#pluginname="lcas_plugin_example.mod",pluginargs="Some bogus arguments"
pluginname="/opt/glite/lib/lcas_pugins_voms/lib/modules/lcas_voms.mod",pluginargs="-vomsdir
 /etc/grid-security/vomsdir -certdir /etc/grid-security/certificates -authfile 
/opt/edg/etc/lcas/lcas_voms.mapfile"

"/VO=trial/GROUP=trial/*" globus

Reply via email to