 |
 |
Hi Gregory, > On Wed, Dec 01, 2004 at 06:35:40PM +0100, Gregory Schott wrote: > > During our GridKa meeting today, one has raised the question about > > xrootd file access when other experiements are also using xrootd. > > The question concerns the case when xrootd is also used by another > > experiment; how the permissions may be setup that babar data is only > > accessible by babar users? Via the xrootd configuration files? How is it > > done at IN2P3? You have two options on how to accomplish this. One is to run multiple xrootd servers (one each for each expriment). The drawback is that different port numbers would be used for each xrootd and would simply confuse people who work on multiple experiments. The other alternative is to enable authentication and provide an access control file that specifies what can be access by whom. This is documented in the Security reference manual. Currently, only Kerberos 4 and Kerberos 5 authentication is supported. Andy