Follow-up Comment #4, sr #119913 (project xrootd): The authentication for xrdcp (as well as any other xrootd-related application) relies on the client class to do the authentication (i.e. XrdClient or XrdClientAdmin). The actual authentication is driven by the appropriate security plug-in. For Kerberos, there needs to be a working Kerberos server accessible by the client as well as the server that needs to be in the server's Kerberos domain. This is required by the Kerberos protocol not the particular implementation. As for GSI and Castor, I do not know. _______________________________________________________ Reply to this item at: <http://savannah.cern.ch/support/?119913> _______________________________________________ Message sent via/by LCG Savannah http://savannah.cern.ch/