 |
 |
Hi all, Awhile back, I submitted a patch for XrdSecgsi to map client certificates to user names using a callout mechanism which is given the entire certificate chain (the current callout mechanism uses only the DN). This allowed integration of XrdSecgsi with LCAS/LCMAPS, and hence GUMS/SCAS/Argus. This is *distinct* from the Xrootd authz mechanism which, for example, ALICE uses. After some discussion, it was decided that the proper way to do this is to hand the callout function a XrdSec object (so the callout implementations can be reused for multiple security protocols). However, the discussion died out there. Has there been any progress? I'd really prefer to have this implemented the "right way" before sites start rolling this out. Brian