 |
 |
Artem Trunov wrote: > Hi, Pavel! > > > >>I don't know how it is with other types of authentication, but for pwd >>authentication, the client is authenticated also in slaves. That means >>that if the client is authenticated on manager node and redirected to >>other, he has to authenitcate again, becase that node doesn't know that >>the user has already been authenticated on manager node. Additionally, > > > Yes, but I am interested in how this is enforced. If I setup slaves with > no authentification, then will a client carrying some credentials will be > re rejected? or his auth. data will be ignored? Yes, this is not secure, > but... > Hi Artem, the answer is no. The credentials concern the login phase and a client carrying not needed credentials will not be rejected. Fabrizio > Artem. > > >>in pwd based authentication, the user can have granted access to bounded >>number of nodes (slaves) . >>Possible, Gerri can give you more notes. >> >> >>>Couple of more question, now on Alice authentificaton. I remember someone >>>said,that Alice authentification is alreadypackaged and distributed with >>>xrootd, but I didn't find any docs on how to use it. More over, it seems >>>that Alice auth plugin is specified as fslib, not as seclib. So, see again >>>the frirst question - is this going to work, if master has one fslib >>>plugin, but slaves have different? And if I don't trust your responce :) , >>>is there some doc on how to use Alice uathentification? >>>(I hope all relevant Alice people are on this list) >>> >>>Thanks, >>>Artem. >>> >>> >> >>Cheers Pavel >> >>