But I have problem. I connect to PROOF from remote machine. (for example my user name xrootd01).
But I wrote another user name (for example xrootd02). Both of these users are added in /etc/passwd on master and all nodes.
And system allows me connect with PROOF as another user.
[code][xrootd01[@xxx]~% root
Couldn’t find font “-adobe-helvetica-medium-r---10-----*-iso8859-1”,
trying “fixed”. Please fix your system so helvetica can be found,
this font typically is in the rpm (or pkg equivalent) package
XFree86-[75,100]dpi-fonts or fonts-xorg-[75,100]dpi.
*
W E L C O M E to R O O T *
*
Version 5.26/00 14 December 2009 *
*
You are welcome to visit our Web site *
http://root.cern.ch *
*
ROOT 5.26/00 (trunk@31882, Dec 14 2009, 20:18:36 on linuxx8664gcc)
CINT/ROOT C/C++ Interpreter version 5.17.00, Dec 21, 2008
Type ? for help. Commands must be C++ statements.
Enclose multiple statements between { }.
root [0] TProof *p1 = TProof::Open("xrootd02@proof.xxx")
Starting master: opening connection …
Starting master: OK
Opening connections to workers: OK (34 workers)
Setting up worker servers: OK (34 workers)
PROOF set to parallel mode (34 workers)
root [1]
[/code]
I think in this situation message permission denied must be appeared. Connection must be denied.
What should I do to prevent situation when one user can connect to PROOF as another user?
Once activated, password-authentication via /etc/passwd will allow to connect all the user having an entry, if they provide the password.
You can restrict the users allowed to connect with the xpd.allowedusers directive; see root.cern.ch/drupal/content/conf … lowedusers.
I read about xpd.allowedusers. In my case it can not help me.
I have many users on User Interface and all of them are added in file /etc/passwd on master and nodes.
If I restrict the users allowed to connect with the xpd.allowedusers directive some users can not connect with PROOF.
But I need that all of them can send task on PROOF cluster. But user from UI must start PROOF task only himself.
User must not start PROOF session as another user.
Does it mean that I switched on authentication?
Maybe should I configure root with some options for switch on authentication?
Home dirs for my users are AFS dirs.
At least I have next error:
root [0] TAuthenticate::PrintHostAuth()
Error: Function PrintHostAuth() is not defined in current scope (tmpfile):1:
*** Interpreter error recovered ***
*** Interpreter error recovered ***
I have overlooked the way you specified the authentication directives: the first one is wrong (see also root.cern.ch/drupal/content/enab … entication): it must be ‘xpd.seclib’ not ‘xrootd.seclib’ (this is to allow to control differently security for the xrootd and xproofd protocols in case one runs the two protocols in the same daemon).
When starting the daemon it should notify you in the log that authentication is enabled.