Hi Rolf, On Fri, Dec 03, 2004 at 05:32:58PM +0000, Rolf Dubitzky wrote: > On Friday 03 December 2004 03:32, Andrew Hanushevsky wrote: > > The other alternative is to enable authentication and provide an access > > control file that specifies what can be access by whom. This is documented > > in the Security reference manual. Currently, only Kerberos 4 and Kerberos 5 > > authentication is supported. > > Pete's solution of having the user who is runnig xrootd and who is owning the > files is very experiment centric. That's not realistic in the long term. Yes, having read the reply from Jean-Yves it is clear that my proposal probably isn't extensible to multiple experiments if they have different "owners" in mass storage. > Krb4 sounds like a good solution ist there a HOWTO that describes how to setup > things? Does this also solve problems with permissions for individual users > and also in writing? There is the manual: http://xrootd.slac.stanford.edu/doc/sec_config/sec_config.htm Could you take a look at it and see if you can figure things out? I can probably a simple HOWTO/example to the examples page if things aren't clear from the full manual. Pete ------------------------------------------------------------------------- Peter Elmer E-mail: [log in to unmask] Phone: +41 (22) 767-4644 Address: CERN Division PPE, Bat. 32 2C-14, CH-1211 Geneva 23, Switzerland -------------------------------------------------------------------------