Hi Birger,
Thanks for the output, I understand better now.
I have fixed the problem with the username and should go
in CVS very soon.
However,
> With root: instead of roots: I am _not_ asked for the username, but then
> it goes in clear-text over the line.
the username will go _always_ go clear-text over the line.
Forcing "roots" does not help in this (even if you had SRP
installed).
The password, however, will always go encrypted.
Cheers, Gerri
On Tue, 4 May 2004, Birger Koblitz wrote:
> Hi,
>
> with the following macro:
> {
>
> TFTP service("roots://koblitz@lxn5222:5151"); // User name here!!!!!
> if(! service.IsOpen())
> exit 0;
> service.get("//pool/koblitz/dstarmb.root", "/tmp/dstar.root");
> }
>
> I get:
> root [0] .x rftp.C
> Info in <TPSocket::Authenticate>: Local protocol: roots
> Info in <TAuthenticate::TAuthenticate>: Enter: local host: pcarda1504,
> user is: koblitz (proto: roots:10)
> Info in <TAuthenticate::TAuthenticate>: service: roots (remote protocol:
> 10): fVersion: 3
> Info in <TAuthenticate::GenRSAKeys>: enter
> Info in <TAuthenticate::GenRSAKeys>: taking seed from /dev/urandom
> Info in <TAuthenticate::GetRandString>: enter ... Len: 30 Any
> Info in <TAuthenticate::GetRandString>: got
> '9DMhE;R?Woj}vNlni;6kdso{PKkZ6u'
> Info in <TAuthenticate::GenRSAKeys>: local: test string:
> '9DMhE;R?Woj}vNlni;6kdso{PKkZ6u'
> Info in <TAuthenticate::GenRSAKeys>: local: length of crypted string: 44
> bytes
> Info in <TAuthenticate::GenRSAKeys>: local: after private/public :
> '9DMhE;R?Woj}vNlni;6kdso{PKkZ6u'
> Info in <TAuthenticate::GenRSAKeys>: local: length of crypted string: 44
> bytes
> Info in <TAuthenticate::GenRSAKeys>: local: after public/private :
> '9DMhE;R?Woj}vNlni;6kdso{PKkZ6u'
> Info in <TAuthenticate::GenRSAKeys>: local: export pub length: 90 bytes
> Info in <TAuthenticate::ReadRootAuthrc>: Checking file:
> /home/koblitz/.rootauthrc
> Info in <TPluginManager::FindHandler>: did not find plugin for class
> TSystem and uri /home/koblitz/.rootauthrc
> Info in <TAuthenticate::ReadRootAuthrc>: file /home/koblitz/.rootauthrc
> cannot be read (errno: 2)
> Info in <TAuthenticate::ReadRootAuthrc>: Checking system
> file:/opt/root/etc/system.rootauthrc
> Info in <TPluginManager::FindHandler>: did not find plugin for class
> TSystem and uri /opt/root/etc/system.rootauthrc
> Info in <TAuthenticate::ReadRootAuthrc>: got tmp file:
> /tmp/rootauthrc5TDckC open at 0x8a8cc68
> Info in <TAuthenticate::FileExpand>: enter ...
> '/opt/root/etc/system.rootauthrc' ... 0x8a8cc68
> Info in <TAuthenticate::FileExpand>: read line ... 'default list usrpwd
> ssh krb5 uidgid '
> Info in <TAuthenticate::GetDefaultDetails>: enter ... 0 ...pt:0 ... '*'
> Info in <TAuthenticate::GetDefaultDetails>: returning ... pt:no ru:yes
> cp:yes us:
> Info in <TAuthenticate::GetDefaultDetails>: enter ... 4 ...pt:0 ... '*'
> Info in <TAuthenticate::GetDefaultDetails>: returning ... pt:no ru:yes us:
> Info in <TAuthenticate::GetDefaultDetails>: enter ... 2 ...pt:0 ... '*'
> Info in <TAuthenticate::GetDefaultDetails>: returning ... pt:no ru:no us:
> Info in <TAuthenticate::GetDefaultDetails>: enter ... 5 ...pt:0 ... '*'
> Info in <TAuthenticate::GetDefaultDetails>: returning ... pt:no us:
> Info in <THostAuth::Print>:
> +------------------------------------------------------------------+
> Info in <THostAuth::Print>: + Host:default - Srv:any - User:* - # of
> available methods:4
> Info in <THostAuth::Print>: + Method: 0 (UsrPwd) Ok:0 Ko:0 Dets:pt:no
> ru:yes cp:yes us:
> Info in <THostAuth::Print>: + Method: 4 (SSH) Ok:0 Ko:0 Dets:pt:no ru:yes
> us:
> Info in <THostAuth::Print>: + Method: 2 (Krb5) Ok:0 Ko:0 Dets:pt:no ru:no
> us:
> Info in <THostAuth::Print>: + Method: 5 (UidGid) Ok:0 Ko:0 Dets:pt:no us:
> Info in <THostAuth::Print>:
> +------------------------------------------------------------------+
> Info in <TAuthenticate::HasHostAuth>: enter ... default:-1 ... *
> Info in <::Print>: +--------------------------- BEGIN
> --------------------------------+
> Info in <::Print>: +
> +
> Info in <::Print>: + List fgProofAuthInfo has 0 members
> +
> Info in <::Print>: +
> +
> Info in <::Print>:
> +------------------------------------------------------------------+
> Info in <::Print>: +---------------------------- END
> ---------------------------------+
> Info in <TAuthenticate::TAuthenticate>: number of HostAuth Instantiations
> in memory: 1
> Info in <::Print>: +--------------------------- BEGIN
> --------------------------------+
> Info in <::Print>: +
> +
> Info in <::Print>: + List fgAuthInfo has 1 members
> +
> Info in <::Print>: +
> +
> Info in <::Print>:
> +------------------------------------------------------------------+
> Info in <THostAuth::Print>:
> +------------------------------------------------------------------+
> Info in <THostAuth::Print>: + Host:default - Srv:any - User:* - # of
> available methods:4
> Info in <THostAuth::Print>: + Method: 0 (UsrPwd) Ok:0 Ko:0 Dets:pt:no
> ru:yes cp:yes us:
> Info in <THostAuth::Print>: + Method: 4 (SSH) Ok:0 Ko:0 Dets:pt:no ru:yes
> us:
> Info in <THostAuth::Print>: + Method: 2 (Krb5) Ok:0 Ko:0 Dets:pt:no ru:no
> us:
> Info in <THostAuth::Print>: + Method: 5 (UidGid) Ok:0 Ko:0 Dets:pt:no us:
> Info in <THostAuth::Print>:
> +------------------------------------------------------------------+
> Info in <THostAuth::PrintEstablished>:
> +------------------------------------------------------------------------------+
> Info in <THostAuth::PrintEstablished>: + Host:default - Number of active
> sec contexts: 0
> Info in <THostAuth::PrintEstablished>:
> +------------------------------------------------------------------------------+
> Info in <::Print>: +---------------------------- END
> ---------------------------------+
> Info in <::Print>: +--------------------------- BEGIN
> --------------------------------+
> Info in <::Print>: +
> +
> Info in <::Print>: + List fgProofAuthInfo has 0 members
> +
> Info in <::Print>: +
> +
> Info in <::Print>:
> +------------------------------------------------------------------+
> Info in <::Print>: +---------------------------- END
> ---------------------------------+
> Info in <TAuthenticate::GetHostAuth>: enter ... lxn5222.cern.ch:1 ...
> koblitz
> Info in <THostAuth::Print>: Authenticate::GetHostAuth
> +------------------------------------------------------------------+
> Info in <THostAuth::Print>: Authenticate::GetHostAuth + Host:default -
> Srv:any - User:* - # of available methods:4
> Info in <THostAuth::Print>: Authenticate::GetHostAuth + Method: 0 (UsrPwd)
> Ok:0 Ko:0 Dets:pt:no ru:yes cp:yes us:
> Info in <THostAuth::Print>: Authenticate::GetHostAuth + Method: 4 (SSH)
> Ok:0 Ko:0 Dets:pt:no ru:yes us:
> Info in <THostAuth::Print>: Authenticate::GetHostAuth + Method: 2 (Krb5)
> Ok:0 Ko:0 Dets:pt:no ru:no us:
> Info in <THostAuth::Print>: Authenticate::GetHostAuth + Method: 5 (UidGid)
> Ok:0 Ko:0 Dets:pt:no us:
> Info in <THostAuth::Print>: Authenticate::GetHostAuth
> +------------------------------------------------------------------+
> Info in <TAuthenticate::GetDefaultDetails>: enter ... 1 ...pt:1 ...
> 'koblitz'
> Info in <TAuthenticate::GetDefaultDetails>: returning ... pt:yes ru:no
> us:koblitz
> Info in <THostAuth::Print>:
> +------------------------------------------------------------------+
> Info in <THostAuth::Print>: + Host:default - Srv:any - User:* - # of
> available methods:5
> Info in <THostAuth::Print>: + Method: 1 (SRP) Ok:0 Ko:0 Dets:pt:yes ru:no
> us:koblitz
> Info in <THostAuth::Print>: + Method: 0 (UsrPwd) Ok:0 Ko:0 Dets:pt:no
> ru:yes cp:yes us:
> Info in <THostAuth::Print>: + Method: 4 (SSH) Ok:0 Ko:0 Dets:pt:no ru:yes
> us:
> Info in <THostAuth::Print>: + Method: 2 (Krb5) Ok:0 Ko:0 Dets:pt:no ru:no
> us:
> Info in <THostAuth::Print>: + Method: 5 (UidGid) Ok:0 Ko:0 Dets:pt:no us:
> Info in <THostAuth::Print>:
> +------------------------------------------------------------------+
> Info in <TAuthenticate::Authenticate>: enter: fUser: koblitz
> Info in <TAuthenticate::Authenticate>: try #: 1
> Info in <THostAuth::GetDetails>: 1: returning fDetails[0]: pt:yes ru:no
> us:koblitz
> Info in <TAuthenticate::Authenticate>: trying authentication: method:1,
> default details:pt:yes ru:no us:koblitz
> Info in <TAuthenticate::SetEnvironment>: setting environment: fSecurity:1,
> fDetails:pt:yes ru:no us:koblitz
> Info in <TAuthenticate::SetEnvironment>: details:pt:yes ru:no us:koblitz,
> Pt:yes, Ru:no, Us:koblitz
> Info in <TAuthenticate::SetEnvironment>: UsDef:koblitz
> Name (lxn5222.cern.ch:koblitz):
>
>
> With root: instead of roots: I am _not_ asked for the username, but then
> it goes in clear-text over the line.
>
> Cheers,
> Birger
>
>
> On Tue, 4 May 2004, Gerardo Ganis wrote:
>
> >
> >
> > Hi Birger,
> >
> > I am surprised that you are still getting asked for
> > the username; could you please run with
> >
> > Root.Debug: 6
> >
> > and send me what you get on the screen?
> > Could you also tell me which ROOT version you are running?
> >
> > Cheers, Gerri
> >
> > ps: only passwords are encrypted as it is now, so it's
> > normal that you find your username in the tcp-packets.
> >
> >
> > On Tue, 4 May 2004, Birger Koblitz wrote:
> >
> > > Hi Gerardo,
> > >
> > > thanks, this works. However, it looks as if the connection is not
> > > encrypted. At least I can find my username easily in the tcp-packets. I
> > > don't know about the password. I found a workaround by using
> > > TAuthenticate::SetGlobalUser("koblitz");
> > > However, this means my program stops to be thread-safe, which is
> > > unacceptable (I am doing tests with hundreds of client-threads and also
> > > would like to have several servers, possibly with different user-names).
> > >
> > > I consider it to be a bug, if I explicitely give the required username in the
> > > URL and I am nevertheless asked for it.
> > >
> > > Cheers,
> > > Birger
> > >
> > > On Tue, 4 May 2004, Gerardo Ganis wrote:
> > >
> > > >
> > > >
> > > > Hi Birger,
> > > >
> > > > I think your problem comes from the fact you are asking
> > > > for SRP authentication (protocol "roots:// ...").
> > > > You should not get prompt if just use "root://...", ie
> > > >
> > > > TFTP service("root://koblitz@lxn5222:5151");
> > > >
> > > > Cheers,
> > > >
> > > > Gerri
> > > >
> > > >
> > > > On Tue, 4 May 2004, Birger Koblitz wrote:
> > > >
> > > > > Hi Fons,
> > > > >
> > > > > I am using the following script to do a test-transmssion via rootd:
> > > > > // Macro to test ftp via rootd
> > > > > {
> > > > > TFTP service("roots://koblitz@lxn5222:5151");
> > > > > if(! service.IsOpen())
> > > > > exit 0;
> > > > > // service.ListDirectory();
> > > > > service.get("//pool/koblitz/dstarmb.root", "/tmp/dstar.root");
> > > > > }
> > > > >
> > > > > The authentication is done via ssh which uses the CERN-AFS-token to login
> > > > > automatically, this works. The problem is, that I have to always confirm
> > > > > my user-name:
> > > > > root [0] .x rftp.C
> > > > > Name (lxn5222.cern.ch:koblitz):
> > > > > Error in <TAuthenticate::Authenticate>: no support for SRP authentication
> > > > > available
> > > > > <TFTP::GetFile>: getting file /tmp/dstar.root (21330730 bytes, starting at
> > > > > 0)
> > > > > <TFTP::GetFile>: 31.840 seconds, 0.64 Mbytes per second
> > > > >
> > > > > What am I doing wrong, or is that a 'feature'?
> > > > > Of course, if you want to do a lot of automatic transfers, this is not
> > > > > really nice...
> > > > >
> > > > > Cheers,
> > > > > Birger
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
> >
> >
>
>
This archive was generated by hypermail 2b29 : Sun Jan 02 2005 - 05:50:07 MET