Hi Jim, thanks for the answer, no pressure. I'll try to increase the verbosity of 5.2.4 and check 6.0 (you're right, I'm testing the latest GT version). I'll let you know in the next days. Best,
Matteo Matteo Lanati Distributed Resources Group Leibniz-Rechenzentrum (LRZ) Boltzmannstrasse 1 85748 Garching b. München (Germany) Phone: +49 89 35831 8724 ________________________________________ From: Basney, Jim <jbas...@illinois.edu> Sent: 22 June 2015 19:36 To: Lanati, Matteo Cc: gt-user@lists.globus.org Subject: Re: [gt-user] Problems with MyProxy and VOMS support Hi Matteo, Sorry for the slow response. Unfortunately I don't have easy access to a VOMS environment to try to reproduce the problem you've reported. I think the "VOMS AC doesn't verify" message is not a symptom of the problem. I think you should also see that message from your working GT 5.2.4 install. I think that debug message is always printed for proxies stored in the MyProxy repository when adding VOMS attributes. Reviewing the code, I'd expect to see some other error thrown by the myproxy-server if it failed to insert the VOMS attributes. There was some re-organization of the VOMS code in the MyProxy v6.1.6 release that may have introduced a bug, but that's just an unsubstantiated suspicion on my part. I assume you're seeing this behavior with globus_toolkit-6.0.1421093009.tar.gz from http://toolkit.globus.org/ftppub/gt6/installers/src. It would be helpful to know if the same problem occurs with the original GT 6.0 tarball (globus_toolkit-6.0.tar.gz) from September 2014 before the MyProxy v6.1.6 updates. I opened https://github.com/globus/globus-toolkit/issues/31 to track this issue. Regards, Jim On 6/19/15, 10:00 AM, Lanati, Matteo wrote: >Hi all, > >I compiled MyProxy with VOMS support from the latest source tarball >available, linking it against voms version 2.0.10 and openssl 1.0.1h. >I think the result is fine: >- if I do a $GLOBUS_LOCATION/sbin/myproxy-server -V I see "myproxy-server >version MYPROXYv2 (v6.1 Jun 2015 PAM VOMS OCSP)², meaning that VOMS >support is there >- if I look at the executable, I see the dependency from libvomsapi, >"libvomsapi.so.1 => /opt/voms/lib/libvomsapi.so.1². >Unfortunately, when I try to retrieve a proxy that I uploaded earlier and >ask MyProxy to sign it for me, it fails. The proxy is issued, but without >the VO signature. >On the client I do > >myproxy-logon -m esr > >and I see > >Enter MyProxy pass phrase: >failed to run voms-proxy-init: No such file or directory >A credential has been received for user Š > >Of course I don¹t have voms-proxy-init on my client, that¹s the whole >point of using MyProxy for this task. > >On the server side I see > >... >Passphrase matches credentials, and PAM config is "sufficient"; >authentication succeeds without checking PAM. > Owner: matteo > Location: /var/myproxy_test/ ... > Max. delegation lifetime: 43200 seconds >Sending OK response to client /C=... >retrieving proxy >Stored Credential is Proxy. VOMS AC doesn't verify. >retrieving VOMS User Information. >Retrieve esr VO >Contact to VOMS Server: voms.grid.sara.nl >Delegating credentials for /C=... lifetime=43200 >Sending OK response to client /C=... >Client /C=... disconnected > >Is the message "Stored Credential is Proxy. VOMS AC doesn't verify² the >symptom of a problem? >In the config file I defined > >allow_voms_attribute_requests true >voms_userconf /etc/vomses > >and it seems that my VO (esr) and the VOMS server have been identified. > >The whole setup used to work with GT 5.2.4 (compiled from scratch). >Is there any suggestion? > >Best, > >Matteo > > > > >Matteo Lanati >Distributed Resources Group >Leibniz-Rechenzentrum (LRZ) >Boltzmannstrasse 1 >85748 Garching b. München (Germany) >Phone: +49 89 35831 8724