search

dCache / dcache

dCache - a system for storing and retrieving huge amounts of data, distributed among a large number of heterogenous server nodes, under a single virtual filesystem tree with a variety of standard access methods
https://dcache.org
288 stars 136 forks source link

sha256 not supported for TPC #7599

Open Jo-stfc opened 3 months ago

Jo-stfc commented 3 months ago

Hi, back in March I had run into some TPC failures from XRootD 5.6+ to some dcache sites. the error was tracked down to: org.dcache.xrootd.core.XrootdException: all sender digests are unsupported: [sha256]. sha256 is the new default md algorithm from that version of xrootd and up. Is sha256 already supported in the latest version of dcache? If not could you add support for it?

Jo-stfc commented 3 months ago

https://github.com/xrootd/xrootd/issues/2202 is the original issue where this was identified

paulmillar commented 3 months ago

In the above xrootd issue, this comment seems the most relevant.

The underlying problem seems to be that the xroot "GSI" authentication protocol doesn't support a negotiation of which digest algorithm is used. Therefore, when adopting a new digest algorithm, all services must be updated to versions that support a new digest algorithm before that new algorithm is actually used.

The xrootd software has updated their default algorithm. This places a burden on people using that new version to ensure all their xroot-protocol endpoints have been upgraded.

In this case, xrootd4j should be updated to support sha256, with dCache updated to use a version of xrootd4j with that support.

The problem is (likely) independent of TPC. GSI-based direct access from an xrootd client would (likely) also be affected, if that client is using sha256 by default.

Jo-stfc commented 3 months ago

thanks Paul, I'll open a new issue on xrootd4j and link this issue