Red Hat Bugzilla – Bug 573922
voms-proxy-init does not work reliably
Last modified: 2010-04-08 23:50:48 EDT
Description of problem: With voms-clients on Fedora 12 and on sometimes on CentOS 5 I observe the following strange behavior: [shamardin@abbot ~]$ voms-proxy-init -debug -rfc -voms dteam Detected Globus version: 22 PCI extension info: Path length: -1 Policy language not specified. Policy file not specified. Number of bits in key :1024 Loading configuration file /home/shamardin/.voms/vomses Loading configuration file /etc/vomses Files being used: CA certificate file: none Trusted certificates directory : /etc/grid-security/certificates Proxy certificate file : /tmp/x509up_u500 User certificate file: /home/shamardin/.globus/usercert.pem User key file: /home/shamardin/.globus/userkey.pem Output to /tmp/x509up_u500 Enter GRID pass phrase: Your identity: /C=RU/O=RDIG/OU=users/OU=sinp.msu.ru/CN=Lev Shamardin Using configuration file /home/shamardin/.voms/vomses Using configuration file /etc/vomses Loading configuration file /home/shamardin/.voms/vomses Loading configuration file /etc/vomses Creating temporary proxy to /tmp/tmp_x509up_u500_29500 ........++++++ ........++++++ No policy language specified, Gsi impersonation proxy assumed. Done Contacting voms114.cern.ch:15004 [/DC=ch/DC=cern/OU=computers/CN=voms.cern.ch] "dteam" Done Creating proxy to /tmp/x509up_u500 ..........................++++++ .++++++ error:22097088:X509 V3 routines:DO_EXT_NCONF:no config database:v3_conf.c:156 error:80065414:lib(128):proxy_sign:problem adding CLASS_ADD Extension:vomsclient.cc:1210 ERROR: [shamardin@abbot ~]$ grep dteam /etc/vomses "dteam" "voms114.cern.ch" "15004" "/DC=ch/DC=cern/OU=computers/CN=voms.cern.ch" "dteam" Or even this: [shamardin@abbot ~]$ voms-proxy-init -debug -rfc -voms dteam Detected Globus version: 22 PCI extension info: Path length: -1 Policy language not specified. Policy file not specified. Number of bits in key :1024 Loading configuration file /home/shamardin/.voms/vomses Loading configuration file /etc/vomses Files being used: CA certificate file: none Trusted certificates directory : /etc/grid-security/certificates Proxy certificate file : /tmp/x509up_u500 User certificate file: /home/shamardin/.globus/usercert.pem User key file: /home/shamardin/.globus/userkey.pem Output to /tmp/x509up_u500 Enter GRID pass phrase: Your identity: /C=RU/O=RDIG/OU=users/OU=sinp.msu.ru/CN=Lev Shamardin Using configuration file /home/shamardin/.voms/vomses Using configuration file /etc/vomses Loading configuration file /home/shamardin/.voms/vomses Loading configuration file /etc/vomses Creating temporary proxy to /tmp/tmp_x509up_u500_29601 ................++++++ ..............++++++ No policy language specified, Gsi impersonation proxy assumed. Done Contacting voms114.cern.ch:15004 [/DC=ch/DC=cern/OU=computers/CN=voms.cern.ch] "dteam" Done Creating proxy to /tmp/x509up_u500 .....................................................................++++++ ...........++++++ Done Your proxy is valid until Tue Mar 16 22:46:26 2010 Error: verify failed. Cannot verify AC signature! These errors are not always reproducible, sometimes you need to run voms-proxy-init several times to cath those (especially the DO_EXT_NCONF one). Version-Release number of selected component (if applicable): voms-clients-1.9.14.3-1.fc12.i686 voms-1.9.14.3-1.fc12.i686 openssl-1.0.0-0.13.beta4.fc12.i686 How reproducible: Always, but you may need to give it a few tries. Steps to Reproduce: 1. run voms-proxy-init -rfc -voms something Sometimes you can trigger this more quickly running first: 1. voms-proxy-init -rfc and then: 2. voms-proxy-init -rfc -noregen -voms something Actual results: no proxy Expected results: working proxy with voms AC. Additional info: glite-security-voms-clients-1.8.12-1.sl5.x86_64 does not have this problem.
After some debugging the problem has been identified to be due to an uninitialized variable in the voms-proxy-init source file. A patch has been created and a new version will be built shortly.
voms-1.9.16.1-1.el5 has been submitted as an update for Fedora EPEL 5. http://admin.fedoraproject.org/updates/voms-1.9.16.1-1.el5
voms-1.9.16.1-1.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/voms-1.9.16.1-1.fc13
voms-1.9.16.1-1.el4 has been submitted as an update for Fedora EPEL 4. http://admin.fedoraproject.org/updates/voms-1.9.16.1-1.el4
voms-1.9.16.1-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/voms-1.9.16.1-1.fc12
voms-1.9.16.1-1.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/voms-1.9.16.1-1.fc11
voms-1.9.16.1-1.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update voms'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/voms-1.9.16.1-1.fc12
voms-1.9.16.1-1.fc11 has been pushed to the Fedora 11 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update voms'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/voms-1.9.16.1-1.fc11
voms-1.9.16.1-1.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update voms'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/voms-1.9.16.1-1.fc13
voms-1.9.16.1-1.el5 has been pushed to the Fedora EPEL 5 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update voms'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/voms-1.9.16.1-1.el5
voms-1.9.16.1-1.el4 has been pushed to the Fedora EPEL 4 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update voms'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/voms-1.9.16.1-1.el4
voms-1.9.16.1-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
voms-1.9.16.1-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
voms-1.9.16.1-1.el4 has been pushed to the Fedora EPEL 4 stable repository. If problems still persist, please make note of it in this bug report.
voms-1.9.16.1-1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
voms-1.9.16.1-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.