Jan Just,
Thu, Jul 31, 2008 at 12:30:14PM +0200, Jan Just Keijser wrote:
> uberftp against octopus shows:
>
> $ uberftp octopus.grid.kiae.ru
> 220 octopus.grid.kiae.ru GridFTP Server 2.3 (gcc32dbg, 1144436882-63) ready.
> an end-of-file was reached
> globus_xio: An end of file occurred
> Closing connection to service.
If you're using proxy that carry VOMS extension from pvier VO, then this
is expected: you're just not accepted as the "proper" user of this
GridFTP service. Octopus supports only LHC VOs and a couple of regional
ones, but definitely not 'pvier'.
As for me, uberftp test without VOMS extensions shows the same
diagnostics,
-----
$ uberftp octopus.grid.kiae.ru
220 octopus.grid.kiae.ru GridFTP Server 2.3 (gcc32dbg, 1144436882-63) ready.
an end-of-file was reached
globus_xio: An end of file occurred
Closing connection to service.
-----
But with VOMS-enabled RFC-style proxy it works:
-----
$ glite-voms-proxy-info -all -text
subject : /C=RU/O=RDIG/OU=users/OU=grid.kiae.ru/CN=Eygene Ryabinkin atALICE/CN=1465040036
issuer : /C=RU/O=RDIG/OU=users/OU=grid.kiae.ru/CN=Eygene Ryabinkin atALICE
identity : /C=RU/O=RDIG/OU=users/OU=grid.kiae.ru/CN=Eygene Ryabinkin atALICE
type : unknown
strength : 512 bits
path : /tmp/x509up_u1000
timeleft : 11:58:15
=== VO alice extension information ===
VO : alice
subject : /C=RU/O=RDIG/OU=users/OU=grid.kiae.ru/CN=Eygene Ryabinkin atALICE/CN=1465040036
issuer : /DC=ch/DC=cern/OU=computers/CN=voms.cern.ch
attribute : /alice/Role=NULL/Capability=NULL
attribute : /alice/lcg1/Role=NULL/Capability=NULL
timeleft : 11:58:14
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1070 (0x42e)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=RU, O=RDIG, OU=users, OU=grid.kiae.ru, CN=Eygene Ryabinkin atALICE
Validity
Not Before: Jul 31 12:20:28 2008 GMT
Not After : Aug 1 00:25:28 2008 GMT
Subject: C=RU, O=RDIG, OU=users, OU=grid.kiae.ru, CN=Eygene Ryabinkin atALICE, CN=1465040036
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (512 bit)
Modulus (512 bit):
00:af:94:e6:a2:cb:b8:0e:52:60:07:1f:f7:08:2f:
60:30:77:b2:cc:eb:da:77:5f:88:4f:d8:52:fc:f6:
d0:9a:03:8f:b5:d9:69:93:51:21:b2:36:17:e4:fc:
61:1c:69:8e:41:99:f0:11:60:fc:a4:d7:31:7b:37:
2d:df:a1:57:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
acseq:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Data Encipherment
order:
03
Proxy Certificate Info Extension: critical
Proxy Policy:
Policy Language: GSI impersonation proxy
Policy: EMPTY
Signature Algorithm: md5WithRSAEncryption
52:2c:3f:92:68:89:86:d3:8c:db:64:41:22:f6:c1:f7:04:a1:
42:8d:bc:d4:ef:93:21:cc:3b:06:97:b5:27:c7:8e:84:3f:ab:
2c:d3:3d:74:1d:ff:be:89:21:87:9b:c8:18:d2:87:7e:fa:de:
6a:04:0b:4c:f9:50:bd:0e:76:ca:5b:75:e0:47:c3:f6:5d:7a:
dc:e4:f5:7f:0a:7b:7c:28:ac:81:6b:2e:d9:ee:fa:bd:c8:4c:
d4:75:60:25:c4:c1:f0:8b:2b:6d:7a:7c:2d:81:37:f4:8f:be:
51:79:07:24:df:36:eb:c8:1f:55:8e:52:1e:47:e1:6c:e8:fc:
78:11
$ uberftp octopus.grid.kiae.ru
220 octopus.grid.kiae.ru GridFTP Server 2.3 (gcc32dbg, 1144436882-63) ready.
230 User alice0000 logged in.
uberftp> quit
221 Goodbye.
kthxbye
-----
So if you'll try to use VOMS-enabled certificate with LHC VO role,
I think you'll be able to connect with uberftp and RFC-style proxy.
> > $ voms-proxy-init -voms pvier -rfc
> > Enter GRID pass phrase:
> > Your identity: /O=dutchgrid/O=users/O=nikhef/CN=Jan Just Keijser
> > Creating temporary proxy ........................................... Done
> > Contacting voms.grid.sara.nl:30000
> > [/O=dutchgrid/O=hosts/OU=sara.nl/CN=voms.grid.sara.nl] "pvier" Done
> > Creating proxy ............................. Done
> > Your proxy is valid until Fri Aug 1 00:22:19 2008
> >
> > $ voms-proxy-info -all
> > subject : /O=dutchgrid/O=users/O=nikhef/CN=Jan Just
> > Keijser/CN=1963219144
> > issuer : /O=dutchgrid/O=users/O=nikhef/CN=Jan Just Keijser
> > identity : /O=dutchgrid/O=users/O=nikhef/CN=Jan Just Keijser
> > type : unknown
> > strength : 512 bits
> > path : /tmp/x509up_u7651
> > timeleft : 11:59:55
> > === VO pvier extension information ===
> > VO : pvier
> > subject : /O=dutchgrid/O=users/O=nikhef/CN=Jan Just
> > Keijser/CN=1963219144
> > issuer : /O=dutchgrid/O=hosts/OU=sara.nl/CN=voms.grid.sara.nl
> > attribute : /pvier
> > timeleft : 11:59:55
--
Eygene Ryabinkin, Russian Research Centre "Kurchatov Institute"
|