Hi Artem,
Artem Trunov wrote:
>Hi,
>
>I am looking for the following scheme - when authentification is done by
>the master, and there is no authentification on slaves. Is this going to
>work? The use case is : we want to have unifirmly configured xrootd
>clusters, but some experiments (let's not laugh at them) want to have
>authentification.
>
>
I don't know how it is with other types of authentication, but for pwd
authentication, the client is authenticated also in slaves. That means
that if the client is authenticated on manager node and redirected to
other, he has to authenitcate again, becase that node doesn't know that
the user has already been authenticated on manager node. Additionally,
in pwd based authentication, the user can have granted access to bounded
number of nodes (slaves) .
Possible, Gerri can give you more notes.
>Couple of more question, now on Alice authentificaton. I remember someone
>said,that Alice authentification is alreadypackaged and distributed with
>xrootd, but I didn't find any docs on how to use it. More over, it seems
>that Alice auth plugin is specified as fslib, not as seclib. So, see again
>the frirst question - is this going to work, if master has one fslib
>plugin, but slaves have different? And if I don't trust your responce :) ,
>is there some doc on how to use Alice uathentification?
>(I hope all relevant Alice people are on this list)
>
>Thanks,
>Artem.
>
>
Cheers Pavel
|