Hello,
I am new to PROOF and am doing some testing a few nodes and am having trouble getting GSI authentication to work. I have two scenarios I want to test: reading from local disk and reading from the CMS xrootd federation. Reading from local disk works without issue. To read from cms-xrd-global.cern.ch I need to pass a valid proxy to PROOF.
I tried to enable gsi authentication on my manager and worker nodes with these config lines:
xpd.seclib libXrdSec.so
xpd.sec.protocol gsi -dlgpxy:1
When I run my script, I am prompted for my passphrase and once I enter it I immediately see this message:
*** Break *** segmentation violation
Here is the bottom of the stack trace:
#11 0x00000032384ae907 in bn_mul_words () from /usr/lib64/libcrypto.so.10
#12 0x00000032384a96fc in BN_mul () from /usr/lib64/libcrypto.so.10
#13 0x00000032384c85de in RSA_check_key () from /usr/lib64/libcrypto.so.10
#14 0x00002b6ba75a582e in XrdSslgsiX509CreateProxy(char const*, char const*, XrdProxyOpt_t*, XrdCryptosslgsiX509Chain*, XrdCryptoRSA**, char const*) () from /cvmfs/cms.cern.ch/slc6_amd64_gcc481/cms/cmssw/CMSSW_7_3_0/external/slc6_amd64_gcc481/lib/libXrdCryptossl.so.1
#15 0x00002b6ba7575df2 in XrdSecProtocolgsi::InitProxy(ProxyIn_t*, XrdCryptosslgsiX509Chain*, XrdCryptoRSA**) () from /cvmfs/cms.cern.ch/slc6_amd64_gcc481/cms/cmssw/CMSSW_7_3_0/external/slc6_amd64_gcc481/lib/libXrdSecgsi.so
#16 0x00002b6ba757652a in XrdSecProtocolgsi::QueryProxy(bool, XrdSutCache*, char const*, XrdCryptoFactory*, int, ProxyIn_t*, ProxyOut_t*) () from /cvmfs/cms.cern.ch/slc6_amd64_gcc481/cms/cmssw/CMSSW_7_3_0/external/slc6_amd64_gcc481/lib/libXrdSecgsi.so
#17 0x00002b6ba75791e3 in XrdSecProtocolgsi::ClientDoInit(XrdSutBuffer*, XrdSutBuffer**, XrdOucString&) () from /cvmfs/cms.cern.ch/slc6_amd64_gcc481/cms/cmssw/CMSSW_7_3_0/external/slc6_amd64_gcc481/lib/libXrdSecgsi.so
#18 0x00002b6ba75793a5 in XrdSecProtocolgsi::ParseClientInput(XrdSutBuffer*, XrdSutBuffer**, XrdOucString&) () from /cvmfs/cms.cern.ch/slc6_amd64_gcc481/cms/cmssw/CMSSW_7_3_0/external/slc6_amd64_gcc481/lib/libXrdSecgsi.so
#19 0x00002b6ba7579705 in XrdSecProtocolgsi::getCredentials(XrdSecBuffer*, XrdOucErrInfo*) () from /cvmfs/cms.cern.ch/slc6_amd64_gcc481/cms/cmssw/CMSSW_7_3_0/external/slc6_amd64_gcc481/lib/libXrdSecgsi.so
#20 0x00002b6ba689e40a in XrdProofConn::Authenticate (this=0x1bfab70, plist=0x1da52b0 “&P=gsi,v:10300,c:ssl,ca:c7a717ce.0”, plsiz=35) at /build/bellenot/SPI/x86_64-slc6-gcc48-dbg/root/proof/proofd/src/XrdProofConn.cxx:1287
#21 0x00002b6ba689db9d in XrdProofConn::Login (this=0x1bfab70) at /build/bellenot/SPI/x86_64-slc6-gcc48-dbg/root/proof/proofd/src/XrdProofConn.cxx:1177
#22 0x00002b6ba689bead in XrdProofConn::GetAccessToSrv (this=0x1bfab70, p=0x0) at /build/bellenot/SPI/x86_64-slc6-gcc48-dbg/root/proof/proofd/src/XrdProofConn.cxx:881
#23 0x00002b6ba6897d8e in XrdProofConn::Connect (this=0x1bfab70) at /build/bellenot/SPI/x86_64-slc6-gcc48-dbg/root/proof/proofd/src/XrdProofConn.cxx:224
#24 0x00002b6ba6897ac9 in XrdProofConn::Init (this=0x1bfab70, url=0x1d92250 “proof://cms-a000.rcac.purdue.edu:1093/”) at /build/bellenot/SPI/x86_64-slc6-gcc48-dbg/root/proof/proofd/src/XrdProofConn.cxx:182
#25 0x00002b6ba689768f in XrdProofConn::XrdProofConn (this=0x1bfab70, url=0x1d92250 “proof://cms-a000.rcac.purdue.edu:1093/”, m=77 ‘M’, psid=36, capver=1 ‘001’, uh=0x1d92530, logbuf=0x1d92589 “”) at /build/bellenot/SPI/x86_64-slc6-gcc48-dbg/root/proof/proofd/src/XrdProofConn.cxx:118
#26 0x00002b6ba688be0b in TXSocket::TXSocket (this=0x1d92390, url=0x1d92250 “proof://cms-a000.rcac.purdue.edu:1093/”, m=67 ‘C’, psid=36, capver=1 ‘001’, logbuf=0x0, loglevel=-1, handler=0x1d8b0a0) at /build/bellenot/SPI/x86_64-slc6-gcc48-dbg/root/proof/proofx/src/TXSocket.cxx:192
#27 0x00002b6ba6878b9d in TXProofMgr::Init (this=0x1d8af20) at /build/bellenot/SPI/x86_64-slc6-gcc48-dbg/root/proof/proofx/src/TXProofMgr.cxx:123
#28 0x00002b6ba6878a6c in TXProofMgr::TXProofMgr (this=0x1d8af20, url=0x1d8aa70 “proof://cms-a000.rcac.purdue.edu/”, dbg=-1, alias=0x0) at /build/bellenot/SPI/x86_64-slc6-gcc48-dbg/root/proof/proofx/src/TXProofMgr.cxx:101
#29 0x00002b6ba68789c0 in GetTXProofMgr (url=0x1d8aa70 “proof://cms-a000.rcac.purdue.edu/”, l=-1, al=0x0) at /build/bellenot/SPI/x86_64-slc6-gcc48-dbg/root/proof/proofx/src/TXProofMgr.cxx:82
#30 0x00002b6ba64c1fc2 in TProofMgr::Create (uin=0x1d8aab0 “http://cms-a000.rcac.purdue.edu:1093/”, loglevel=-1, alias=0x0, xpd=true) at /build/bellenot/SPI/x86_64-slc6-gcc48-dbg/root/proof/proof/src/TProofMgr.cxx:564
#31 0x00002b6ba64a6502 in TProof::Open (cluster=0x1d1d528 “cms-a000.rcac.purdue.edu:1093”, conffile=0x1d1d840 “workers=10”, confdir=0x0, loglevel=0) at /build/bellenot/SPI/x86_64-slc6-gcc48-dbg/root/proof/proof/src/TProof.cxx:12069
I also tried this line I saw from a different post:
xpd.sec.protocol gsi -dlgpxy:1 -d:1 -certdir:/etc/grid-security/certificates -cert:/etc/grid-security/xrd/xrdcert.pem -key:/etc/grid-security/xrd/xrdkey.pem
But, still get the same result.
Any thoughts on where this error is coming from? I attached my xpd.cf. Let me know if you would like any other information.
Thanks,
Erik
xpd.cf.txt (943 Bytes)