Hi,
I’m trying to install proof on a tiny, 12 slave farm. No security involved, as they’re in a private subnet only reachable through a server. So all nodes (called node-1…node-6, 2CPUs each) are in the hosts.equiv file, which means no passwords needed - who has managed to get onto the server is also allowed to log on to the nodes.
First question: I don’t know how to enable hosts.equiv “authentication” using proof. Haven’t seen a switch for that (I was guessing on the “uidgid” param for proof.conf, but aparently it’s not). Would that be difficult to implement? What does “uidgid” do? There’s no doc on it in README.PROOF.
Second problem. We have krb5 on our system. We use it for FNAL access, but not for accessing our small local farm. But with the current proofd.cxx there’s no way to a) disable krb5 initialization, or b) make proofd continue after krb5 initialization failed. Would it be possible to change the fatal error in case of unsuccessful krb5 initialization into a warning? I did that for our local setup, to be able to continue - to the…
Third problem. I created a pwd hash file /home/naumann/.rootdpass ($HOME is shared between server and all nodes via NFS). I learned that an empty password has a special meaning for TAuth* (would it make sense to change that?). Okay, so I selected an “almost empty” password. But now I get stuck here (“tail -n relevant” from “gDebug=7; gROOT->Proof(“node-6”)” output):
naumann@node-6 password:
Info in <TAuthenticate::SecureSend>: local: enter ... (key: 1)
Info in <TAuthenticate::SecureSend>: local: sent 22 bytes (expected: 22)
Info in <TAuthenticate::ClearAuth>: after kROOTD_PASS: kind= 2001, stat= 9
Info in <TAuthenticate::ClearAuth>: received from server: user: naumann, offset: 0 (naumann 0)
Info in <TAuthenticate::SecureRecv>: got len '22' 22 (msg kind: 2039)
Info in <TAuthenticate::SecureRecv>: local: decoded string is 8 bytes long
Info in <TAuthenticate::ClearAuth>: received from server: token: 'oStuK5ob'
Info in <TAuthenticate::DecodeDetails>: analyzing ... pt:1 ru:1 cp:1 us:naumann
Info in <TAuthenticate::DecodeDetails>: Pt:1, Ru:1, Us:naumann
Info in <TAuthenticate::GetRemoteLogin>: details:pt:1 ru:1 cp:1 us:naumann
Info in <TAuthenticate::GetRemoteLogin>: returning: naumann
Info in <TAuthenticate::GetOffSet>: analyzing: Method:0, Details:pt:1 ru:1 cp:1 us:naumann
Info in <TAuthenticate::DecodeDetails>: analyzing ... pt:1 ru:1 cp:1 us:naumann
Info in <TAuthenticate::DecodeDetails>: Pt:1, Ru:1, Us:naumann
Info in <TAuthenticate::GetOffSet>: found Nw: 1, Wd: naumann (null) (null) (null)
Info in <TAuthenticate::GetOffSet>: found entry: met:0 det:pt:1 ru:1 cp:1 us:naumann off:0
Info in <TAuthenticate::GetOffSet>: returning: 0
Info in <TAuthenticate::SecureSend>: local: enter ... (key: 1)
Info in <TAuthenticate::SecureSend>: local: sent 22 bytes (expected: 22)
Info in <TPluginManager::FindHandler>: did not find plugin for class TSystem and uri /home/naumann/.rootauthrc
This is the last line of output I get; root doesn’t return to its prompt. Looking at the “proofd -d 3” server’s output in /var/log/messages:
Mar 10 16:33:46 node-6 proofd[18275]: ProofdLogin: user naumann authenticated
Mar 10 16:33:46 node-6 proofd[18275]: Authenticate: kind:2000 -- Meth:0 -- gAuth:1 -- gNumLeft:1
Mar 10 16:33:46 node-6 proofd[18275]: ProofdExec: send Okay (gSockFd: 0)
Mar 10 16:33:46 node-6 proofd[18275]: ProofdExec: execv(/usr/local/root/bin/proofserv, proofserv, /usr/local/root, /usr/tmp, d0-diskserver.d0farm.nijmegen, 9065, naumann)
Mar 10 16:33:59 node-6 proofd[18290]: Can't open/find Kerberos configuration file while initializing krb5
Mar 10 16:33:59 node-6 proofd[18290]: main: pid = 18290, gInetdFlag = 1
Mar 10 16:33:59 node-6 proofd[18290]: RpdSetDebugFlag: gDebug set to 3
Mar 10 16:33:59 node-6 proofd[18290]: RpdDefaultAuthAllow: Enter
Mar 10 16:33:59 node-6 proofd[18290]: RpdCheckDaemon: Enter ... sshd
Mar 10 16:33:59 node-6 kernel: kmod: failed to exec -s -k block-major-107, errno = 2
Mar 10 16:33:59 node-6 kernel: kmod: failed to exec -s -k block-major-107, errno = 2
Mar 10 16:33:59 node-6 proofd[18290]: RpdCheckDaemon: read 0 lines
Mar 10 16:33:59 node-6 proofd[18290]: RpdCheckSshd: Enter ...
Mar 10 16:33:59 node-6 proofd[18290]: RpdCheckSshd: cannot connect to local port 22
Mar 10 16:33:59 node-6 proofd[18290]: RpdDefaultAuthAllow: default list of secure methods available: 0 2
Mar 10 16:33:59 node-6 proofd[18290]: CheckGlobus: Enter: rcfile:
Mar 10 16:33:59 node-6 proofd[18290]: CheckGlobus: checking system: /usr/local/root/etc/system.rootrc
Mar 10 16:33:59 node-6 proofd[18290]: CheckGlobus: Proofd.Authentication:: 0 (0)
Mar 10 16:33:59 node-6 proofd[18290]: CheckGlobus: system: -1: /usr/local/root/etc/system.rootrc
Mar 10 16:33:59 node-6 proofd[18290]: CheckGlobus: user: -1:
Mar 10 16:33:59 node-6 proofd[18290]: CheckGlobus: checking local: .rootrc
Mar 10 16:33:59 node-6 proofd[18290]: CheckGlobus: local: -1:
Mar 10 16:33:59 node-6 proofd[18290]: CheckGlobus: checking system proof.conf: /usr/local/root/proof/etc/p
roof.conf
Mar 10 16:33:59 node-6 proofd[18290]: CheckGlobus: slave node-1 image=nfs uidgid # usrpwd
Mar 10 16:33:59 node-6 proofd[18290]: CheckGlobus: slave node-1 image=nfs uidgid # usrpwd
Mar 10 16:33:59 node-6 proofd[18290]: CheckGlobus: slave node-2 image=nfs uidgid # usrpwd
Mar 10 16:33:59 node-6 proofd[18290]: CheckGlobus: slave node-2 image=nfs uidgid # usrpwd
Mar 10 16:33:59 node-6 proofd[18290]: CheckGlobus: slave node-3 image=nfs uidgid # usrpwd
Mar 10 16:33:59 node-6 proofd[18290]: CheckGlobus: slave node-3 image=nfs uidgid # usrpwd
Mar 10 16:33:59 node-6 proofd[18290]: CheckGlobus: slave node-4 image=nfs uidgid # usrpwd
Mar 10 16:33:59 node-6 proofd[18290]: CheckGlobus: slave node-4 image=nfs uidgid # usrpwd
Mar 10 16:33:59 node-6 proofd[18290]: CheckGlobus: slave node-5 image=nfs uidgid # usrpwd
Mar 10 16:33:59 node-6 proofd[18290]: CheckGlobus: slave node-5 image=nfs uidgid # usrpwd
Mar 10 16:34:00 node-6 proofd[18290]: CheckGlobus: slave node-6 image=nfs uidgid # usrpwd
Mar 10 16:34:00 node-6 proofd[18290]: CheckGlobus: slave node-6 image=nfs uidgid # usrpwd
Mar 10 16:34:00 node-6 proofd[18290]: CheckGlobus: proof.conf: -1: /usr/local/root/proof/etc/proof.conf
Mar 10 16:34:00 node-6 proofd[18290]: CheckGlobus: exit: -1: .rootrc
Mar 10 16:34:00 node-6 proofd[18290]: ProofdExec: gGlobus: -1, gRcFile: .rootrc
Mar 10 16:34:00 node-6 proofd[18290]: ProofdExec: gOpenHost = node-6.d0farm.nijmegen
Mar 10 16:34:00 node-6 proofd[18290]: ProofdExec: gConfDir = /usr/local/root
Mar 10 16:34:00 node-6 proofd[18290]: ProofdExec: master/slave = slave
Mar 10 16:34:00 node-6 proofd[18290]: Authenticate got: 2012 --
Mar 10 16:34:00 node-6 proofd[18290]: RpdGuessClientProt: Enter: buf: '', kind: 2012
Mar 10 16:34:00 node-6 proofd[18290]: RpdGuessClientProt: guess for gClientProtocol is 9
So - who’s waiting for what?
Last comment: in README/README.PROOF line 81 it says
Should that read
(";" instead of “,”)?
I’d appreciate help with this boring, non-fancy and thus pretty unique setup.
Axel.