Re: [ROOT] Username always asked by rootd

From: Birger Koblitz (Birger.Koblitz@cern.ch)
Date: Tue May 04 2004 - 17:54:20 MEST 

Hi,

with the following macro:
{

  TFTP service("roots://koblitz@lxn5222:5151");  // User name here!!!!!
  if(! service.IsOpen())
    exit 0;
  service.get("//pool/koblitz/dstarmb.root", "/tmp/dstar.root");
}

I get:
root [0] .x rftp.C
Info in <TPSocket::Authenticate>: Local protocol: roots
Info in <TAuthenticate::TAuthenticate>: Enter: local host: pcarda1504, 
user is: koblitz (proto: roots:10)
Info in <TAuthenticate::TAuthenticate>: service: roots (remote protocol: 
10): fVersion: 3
Info in <TAuthenticate::GenRSAKeys>: enter
Info in <TAuthenticate::GenRSAKeys>: taking seed from /dev/urandom
Info in <TAuthenticate::GetRandString>: enter ... Len: 30 Any
Info in <TAuthenticate::GetRandString>: got 
'9DMhE;R?Woj}vNlni;6kdso{PKkZ6u' 
Info in <TAuthenticate::GenRSAKeys>: local: test string: 
'9DMhE;R?Woj}vNlni;6kdso{PKkZ6u' 
Info in <TAuthenticate::GenRSAKeys>: local: length of crypted string: 44 
bytes
Info in <TAuthenticate::GenRSAKeys>: local: after private/public : 
'9DMhE;R?Woj}vNlni;6kdso{PKkZ6u' 
Info in <TAuthenticate::GenRSAKeys>: local: length of crypted string: 44 
bytes 
Info in <TAuthenticate::GenRSAKeys>: local: after public/private : 
'9DMhE;R?Woj}vNlni;6kdso{PKkZ6u' 
Info in <TAuthenticate::GenRSAKeys>: local: export pub length: 90 bytes
Info in <TAuthenticate::ReadRootAuthrc>: Checking file: 
/home/koblitz/.rootauthrc
Info in <TPluginManager::FindHandler>: did not find plugin for class 
TSystem and uri /home/koblitz/.rootauthrc
Info in <TAuthenticate::ReadRootAuthrc>: file /home/koblitz/.rootauthrc 
cannot be read (errno: 2)
Info in <TAuthenticate::ReadRootAuthrc>: Checking system 
file:/opt/root/etc/system.rootauthrc
Info in <TPluginManager::FindHandler>: did not find plugin for class 
TSystem and uri /opt/root/etc/system.rootauthrc
Info in <TAuthenticate::ReadRootAuthrc>: got tmp file: 
/tmp/rootauthrc5TDckC open at 0x8a8cc68
Info in <TAuthenticate::FileExpand>: enter ... 
'/opt/root/etc/system.rootauthrc' ... 0x8a8cc68
Info in <TAuthenticate::FileExpand>: read line ... 'default list usrpwd 
ssh  krb5  uidgid '
Info in <TAuthenticate::GetDefaultDetails>: enter ... 0 ...pt:0 ... '*'
Info in <TAuthenticate::GetDefaultDetails>: returning ... pt:no ru:yes 
cp:yes us:
Info in <TAuthenticate::GetDefaultDetails>: enter ... 4 ...pt:0 ... '*'
Info in <TAuthenticate::GetDefaultDetails>: returning ... pt:no ru:yes us:
Info in <TAuthenticate::GetDefaultDetails>: enter ... 2 ...pt:0 ... '*'
Info in <TAuthenticate::GetDefaultDetails>: returning ... pt:no ru:no us:
Info in <TAuthenticate::GetDefaultDetails>: enter ... 5 ...pt:0 ... '*'
Info in <TAuthenticate::GetDefaultDetails>: returning ... pt:no us:
Info in <THostAuth::Print>:  
+------------------------------------------------------------------+
Info in <THostAuth::Print>:  + Host:default - Srv:any - User:* - # of 
available methods:4
Info in <THostAuth::Print>:  + Method: 0 (UsrPwd) Ok:0 Ko:0 Dets:pt:no 
ru:yes cp:yes us:
Info in <THostAuth::Print>:  + Method: 4 (SSH) Ok:0 Ko:0 Dets:pt:no ru:yes 
us:
Info in <THostAuth::Print>:  + Method: 2 (Krb5) Ok:0 Ko:0 Dets:pt:no ru:no 
us:
Info in <THostAuth::Print>:  + Method: 5 (UidGid) Ok:0 Ko:0 Dets:pt:no us:
Info in <THostAuth::Print>:  
+------------------------------------------------------------------+
Info in <TAuthenticate::HasHostAuth>: enter ... default:-1 ... *
Info in <::Print>:  +--------------------------- BEGIN 
--------------------------------+
Info in <::Print>:  +                                                                  
+
Info in <::Print>:  + List fgProofAuthInfo has    0 members                            
+
Info in <::Print>:  +                                                                  
+
Info in <::Print>:  
+------------------------------------------------------------------+
Info in <::Print>:  +---------------------------- END 
---------------------------------+
Info in <TAuthenticate::TAuthenticate>: number of HostAuth Instantiations 
in memory: 1
Info in <::Print>:  +--------------------------- BEGIN 
--------------------------------+
Info in <::Print>:  +                                                                  
+
Info in <::Print>:  + List fgAuthInfo has    1 members                                 
+
Info in <::Print>:  +                                                                  
+
Info in <::Print>:  
+------------------------------------------------------------------+
Info in <THostAuth::Print>:  
+------------------------------------------------------------------+
Info in <THostAuth::Print>:  + Host:default - Srv:any - User:* - # of 
available methods:4
Info in <THostAuth::Print>:  + Method: 0 (UsrPwd) Ok:0 Ko:0 Dets:pt:no 
ru:yes cp:yes us:
Info in <THostAuth::Print>:  + Method: 4 (SSH) Ok:0 Ko:0 Dets:pt:no ru:yes 
us:
Info in <THostAuth::Print>:  + Method: 2 (Krb5) Ok:0 Ko:0 Dets:pt:no ru:no 
us:
Info in <THostAuth::Print>:  + Method: 5 (UidGid) Ok:0 Ko:0 Dets:pt:no us:
Info in <THostAuth::Print>:  
+------------------------------------------------------------------+
Info in <THostAuth::PrintEstablished>: 
+------------------------------------------------------------------------------+
Info in <THostAuth::PrintEstablished>: + Host:default - Number of active 
sec contexts: 0
Info in <THostAuth::PrintEstablished>: 
+------------------------------------------------------------------------------+
Info in <::Print>:  +---------------------------- END 
---------------------------------+
Info in <::Print>:  +--------------------------- BEGIN 
--------------------------------+
Info in <::Print>:  +                                                                  
+
Info in <::Print>:  + List fgProofAuthInfo has    0 members                            
+
Info in <::Print>:  +                                                                  
+
Info in <::Print>:  
+------------------------------------------------------------------+
Info in <::Print>:  +---------------------------- END 
---------------------------------+
Info in <TAuthenticate::GetHostAuth>: enter ... lxn5222.cern.ch:1 ... 
koblitz
Info in <THostAuth::Print>: Authenticate::GetHostAuth 
+------------------------------------------------------------------+
Info in <THostAuth::Print>: Authenticate::GetHostAuth + Host:default - 
Srv:any - User:* - # of available methods:4
Info in <THostAuth::Print>: Authenticate::GetHostAuth + Method: 0 (UsrPwd) 
Ok:0 Ko:0 Dets:pt:no ru:yes cp:yes us:
Info in <THostAuth::Print>: Authenticate::GetHostAuth + Method: 4 (SSH) 
Ok:0 Ko:0 Dets:pt:no ru:yes us:
Info in <THostAuth::Print>: Authenticate::GetHostAuth + Method: 2 (Krb5) 
Ok:0 Ko:0 Dets:pt:no ru:no us:
Info in <THostAuth::Print>: Authenticate::GetHostAuth + Method: 5 (UidGid) 
Ok:0 Ko:0 Dets:pt:no us:
Info in <THostAuth::Print>: Authenticate::GetHostAuth 
+------------------------------------------------------------------+
Info in <TAuthenticate::GetDefaultDetails>: enter ... 1 ...pt:1 ... 
'koblitz'
Info in <TAuthenticate::GetDefaultDetails>: returning ... pt:yes ru:no 
us:koblitz
Info in <THostAuth::Print>:  
+------------------------------------------------------------------+
Info in <THostAuth::Print>:  + Host:default - Srv:any - User:* - # of 
available methods:5
Info in <THostAuth::Print>:  + Method: 1 (SRP) Ok:0 Ko:0 Dets:pt:yes ru:no 
us:koblitz
Info in <THostAuth::Print>:  + Method: 0 (UsrPwd) Ok:0 Ko:0 Dets:pt:no 
ru:yes cp:yes us:
Info in <THostAuth::Print>:  + Method: 4 (SSH) Ok:0 Ko:0 Dets:pt:no ru:yes 
us:
Info in <THostAuth::Print>:  + Method: 2 (Krb5) Ok:0 Ko:0 Dets:pt:no ru:no 
us:
Info in <THostAuth::Print>:  + Method: 5 (UidGid) Ok:0 Ko:0 Dets:pt:no us:
Info in <THostAuth::Print>:  
+------------------------------------------------------------------+
Info in <TAuthenticate::Authenticate>: enter: fUser: koblitz
Info in <TAuthenticate::Authenticate>: try #: 1
Info in <THostAuth::GetDetails>:  1: returning fDetails[0]: pt:yes ru:no 
us:koblitz
Info in <TAuthenticate::Authenticate>: trying authentication: method:1, 
default details:pt:yes ru:no us:koblitz
Info in <TAuthenticate::SetEnvironment>: setting environment: fSecurity:1, 
fDetails:pt:yes ru:no us:koblitz
Info in <TAuthenticate::SetEnvironment>: details:pt:yes ru:no us:koblitz, 
Pt:yes, Ru:no, Us:koblitz
Info in <TAuthenticate::SetEnvironment>: UsDef:koblitz
Name (lxn5222.cern.ch:koblitz): 


With root: instead of roots: I am _not_ asked for the username, but then 
it goes in clear-text over the line.

Cheers,
  Birger


On Tue, 4 May 2004, Gerardo Ganis wrote:

> 
> 
>   Hi Birger,
> 
>   I am surprised that you are still getting asked for
>   the username; could you please run with 
> 
> Root.Debug:              6
> 
>   and send me what you get on the screen?
>   Could you also tell me which ROOT version you are running?
> 
>   Cheers, Gerri
> 
>   ps: only passwords are encrypted as it is now, so it's 
>       normal that you find your username in the tcp-packets.
> 
> 
> On Tue, 4 May 2004, Birger Koblitz wrote:
> 
> > Hi Gerardo,
> > 
> > thanks, this works. However, it looks as if the connection is not 
> > encrypted. At least I can find my username easily in the tcp-packets. I 
> > don't know about the password. I found a workaround by using 
> > TAuthenticate::SetGlobalUser("koblitz");
> > However, this means my program stops to be thread-safe, which is 
> > unacceptable (I am doing tests with hundreds of client-threads and also 
> > would like to have several servers, possibly with different user-names).
> > 
> > I consider it to be a bug, if I explicitely give the required username in the
> > URL and I am nevertheless asked for it. 
> > 
> > Cheers,
> >   Birger
> > 
> > On Tue, 4 May 2004, Gerardo Ganis wrote:
> > 
> > > 
> > > 
> > >   Hi Birger,
> > >  
> > >   I think your problem comes from the fact you are asking
> > >   for SRP authentication (protocol "roots:// ..."). 
> > >   You should not get prompt if just use "root://...", ie
> > > 
> > >      TFTP service("root://koblitz@lxn5222:5151");
> > > 
> > >   Cheers,
> > > 
> > >   Gerri
> > > 
> > > 
> > > On Tue, 4 May 2004, Birger Koblitz wrote:
> > > 
> > > > Hi Fons,
> > > >   
> > > > I am using the following script to do a test-transmssion via rootd:
> > > > // Macro to test ftp via rootd
> > > > {
> > > >   TFTP service("roots://koblitz@lxn5222:5151");
> > > >   if(! service.IsOpen())
> > > >     exit 0;
> > > > //  service.ListDirectory();
> > > >   service.get("//pool/koblitz/dstarmb.root", "/tmp/dstar.root");
> > > > } 
> > > >   
> > > > The authentication is done via ssh which uses the CERN-AFS-token to login 
> > > > automatically, this works. The problem is, that I have to always confirm 
> > > > my user-name:
> > > > root [0] .x rftp.C 
> > > > Name (lxn5222.cern.ch:koblitz): 
> > > > Error in <TAuthenticate::Authenticate>: no support for SRP authentication 
> > > > available
> > > > <TFTP::GetFile>: getting file /tmp/dstar.root (21330730 bytes, starting at 
> > > > 0)
> > > > <TFTP::GetFile>: 31.840 seconds, 0.64 Mbytes per second
> > > > 
> > > > What am I doing wrong, or is that a 'feature'?
> > > > Of course, if you want to do a lot of automatic transfers, this is not 
> > > > really nice...
> > > > 
> > > > Cheers,
> > > >   Birger
> > > > 
> > > > 
> > > 
> > > 
> > 
> > 
> 
> 
> 
> 

-- 
Birger Koblitz                  +41 22 767-3318
CERN IT                         2-1-046

This archive was generated by hypermail 2b29 : Sun Jan 02 2005 - 05:50:07 MET