Hi Rolf,
On Fri, Dec 03, 2004 at 05:32:58PM +0000, Rolf Dubitzky wrote:
> On Friday 03 December 2004 03:32, Andrew Hanushevsky wrote:
> > The other alternative is to enable authentication and provide an access
> > control file that specifies what can be access by whom. This is documented
> > in the Security reference manual. Currently, only Kerberos 4 and Kerberos 5
> > authentication is supported.
>
> Pete's solution of having the user who is runnig xrootd and who is owning the
> files is very experiment centric. That's not realistic in the long term.
Yes, having read the reply from Jean-Yves it is clear that my proposal
probably isn't extensible to multiple experiments if they have different
"owners" in mass storage.
> Krb4 sounds like a good solution ist there a HOWTO that describes how to setup
> things? Does this also solve problems with permissions for individual users
> and also in writing?
There is the manual:
http://xrootd.slac.stanford.edu/doc/sec_config/sec_config.htm
Could you take a look at it and see if you can figure things out? I can
probably a simple HOWTO/example to the examples page if things aren't clear
from the full manual.
Pete
-------------------------------------------------------------------------
Peter Elmer E-mail: [log in to unmask] Phone: +41 (22) 767-4644
Address: CERN Division PPE, Bat. 32 2C-14, CH-1211 Geneva 23, Switzerland
-------------------------------------------------------------------------
|