Hi, Derek!

> > I can't quite see how the setup with one master violates security. Your
> > secure pool is still protected by a firewall from certain clients. Master
> > only tells a client which pool to use.
>
> This setup sounds fine to me (except that it leaves the server open to denial
> of service attacks from outside, if one is worried about such things. This
> could degrade the service for internal jobs quite a bit, if lots of requests
> for nonexistent files are made, or even worse, if staging on servers is
> triggered).

Yes, this is true. Frankly speaking, a setup with two masters serving 'open' and 'closed' pools is also fine with me, I only hope that this can be easily supported by AliEn.

..

> About the ALICE stuff:
> The TokenAuthz module implements authorization, not authentication. It needs

I very much like your model, since it really saves xrootd. :)

> we would be forced to run it on both redirectors and leaf nodes (awful).

Could you please explain a bit more, since this contradicts Andy's answer. I.e. what will happen if an AliEn client carrying an authz token comes to a server w/o the AliEn authz lib?

Artem.

>
> Cheers,
> Derek
>
> On Wednesday 01 February 2006 22.33, Artem Trunov wrote:
> > Hi, Andy!
> >
> > I can't quite see how the setup with one master violates security. Your
> > secure pool is still protected by a firewall from certain clients. Master
> > only tells a client which pool to use.
> >
> > Absence of this setup, actually, forces people to make all their servers
> > open to the world where they may need only a few.
> >
> > And, again, in dCache you have only one head node for all your needs, and
> > sites happily deploy it.
> >
> > Artem.
> >
> > On Wed, 1 Feb 2006, Andrew Hanushevsky wrote:
> > > Hi Artem,
> > >
> > > Convenient yes but it also violates the prime security directive here. If
> > > the security need is to keep servers separate then allowing even one to
> > > be shared destroys the whole structure (the weakest link phenomenon). The
> > > security team here doesn't like wallpaper security. So if you're going
> > > to violate the security policy then overtly do so. This, of course, is
> > > not to say there may be non-security reasons for doing this. Anyway, no,
> > > you will need to run two redirectors to keep the server pools truly
> > > separate.
> > >
> > > Andy
> > >
> > > ----- Original Message -----
> > > From: "Artem Trunov" <[log in to unmask]>
> > > To: <[log in to unmask]>
> > > Sent: Wednesday, February 01, 2006 6:44 AM
> > > Subject: xrootd redirection based on client's subnet
> > >
> > > > Hi Andy et al.,
> > > >
> > > > Does xrootd support it? The use case is when you want to have one
> > > > redirector, but keep two separate pools of servers - one for access
> > > > from WNs (servers in IFZ), and another for out-of-site access (servers
> > > > in DMZ). Then you'd specify selection rules in your olbd config. This is
> > > > a feature of dCache, very convenient.
> > > >
> > > > Artem.
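The design Artem asks about (one redirector, selection rules keyed on the client's subnet, an IFZ pool for worker nodes and a DMZ pool for outside access) and Andy's objection to it (a server shared by both pools is the weakest link) can both be made concrete in a small model. The following is an added example written for this page; it is not xrootd or olbd configuration and not code from AliEn or dCache. The pool names, hostnames and the 10.0.0.0/8 worker-node range are assumptions chosen for illustration. The redirector picks a pool purely from the client address, fails closed when no rule matches, and refuses to serve at all if any server appears in more than one pool, which is the condition Andy says destroys the separation.

```python
"""Model of subnet-based redirection between two server pools.

Added example for illustration; not the xrootd/olbd rule syntax.
All addresses, hostnames and pool names below are constructed.
"""
import ipaddress
import zlib
from typing import Dict, List, Optional, Set, Tuple

# Constructed topology: servers only reachable from worker nodes (IFZ)
# and servers reachable from the outside (DMZ). Hostnames are hypothetical.
POOLS: Dict[str, List[str]] = {
    "ifz": ["ifz-srv1.example", "ifz-srv2.example"],
    "dmz": ["dmz-srv1.example"],
}

# Selection rules, first match wins. Assumed worker-node range 10.0.0.0/8
# goes to the IFZ pool; a catch-all sends everybody else to the DMZ pool.
RULES: List[Tuple[str, str]] = [
    ("10.0.0.0/8", "ifz"),
    ("0.0.0.0/0", "dmz"),
]


def check_pools_disjoint(pools: Dict[str, List[str]]) -> Set[str]:
    """Return servers listed in more than one pool.

    A non-empty result is Andy's weakest-link case: one shared server means
    an outside client can be handed a host that is supposed to be internal.
    """
    owner: Dict[str, str] = {}
    shared: Set[str] = set()
    for pool, servers in pools.items():
        for server in servers:
            if server in owner and owner[server] != pool:
                shared.add(server)
            owner[server] = pool
    return shared


def select_pool(client_ip: str, rules: List[Tuple[str, str]] = RULES) -> Optional[str]:
    """Map a client address to a pool name using first-match subnet rules.

    Returns None when no rule matches, so a rule table without a catch-all
    fails closed instead of defaulting to some pool.
    """
    addr = ipaddress.ip_address(client_ip)
    for net, pool in rules:
        if addr in ipaddress.ip_network(net):
            return pool
    return None


def redirect(client_ip: str, path: str,
             pools: Dict[str, List[str]] = POOLS,
             rules: List[Tuple[str, str]] = RULES) -> Optional[str]:
    """Return the server to redirect the client to, or None if not permitted.

    The redirector refuses to operate at all if the pools overlap, rather
    than silently serving a mixed topology. Server choice within a pool is
    a stable hash of the path so results are deterministic.
    """
    shared = check_pools_disjoint(pools)
    if shared:
        raise ValueError(f"server(s) present in more than one pool: {sorted(shared)}")
    pool = select_pool(client_ip, rules)
    if pool is None:
        return None
    servers = pools[pool]
    return servers[zlib.crc32(path.encode()) % len(servers)]


if __name__ == "__main__":
    # Constructed clients: one worker node, one outside host.
    for ip in ("10.1.2.3", "192.0.2.10"):
        print(ip, "->", redirect(ip, "/data/run123/file.root"))
```

Note that the model still reflects Derek's caveat: an outside client is always answered by the redirector, so the redirector itself (and whatever lookups or staging it triggers on the DMZ servers) stays exposed to request floods regardless of which pool the client lands in.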