 |
 |
Hi, How is security / authentication handled for simple proxy servers? I was, somewhat naively it seems now, expecting that I can have a proxy without authentication and let this be handled at the redirector where my proxy is pointing (which uses GSI). Here's my config for proxy: ofs.osslib /usr/local/lib64/libXrdPss.so all.export /store pss.origin xrootd.t2.ucsd.edu:1094 pss.memcache debug 3 logstats pagesize 64k sfiles .root size 2g And output from a login attempt (with valid cert-proxy): a) proxy 120125 19:41:19 3567 XrootdXeq: matevz.3965:21@desire login Cache: Attached 1/1 8000 root:[log in to unmask]:1094//store/data/Run2011B/DoubleMu/AOD/30Nov2011-v1/0000/A01348BE-9F1D-E111-88BB-003048FFCB84.root?oss.lcl=1 XrdSec: No authentication protocols are available. Cache: 0 att; rel 0 slots; 0 Faults; 8000 -ì Cache: Stats: 0 Read; 0 Get; 0 Pass; 0 Write; 0 Put; 0 Hits; 0 Miss; 0 pead; 0 HitsPR; 0 MissPR; Path P 120125 19:41:19 3567 ofs_open: matevz.3965:21@desire Unable to open /store/data/Run2011B/DoubleMu/AOD/30Nov2011-v1/0000/A01348BE-9F1D-E111-88BB-003048FFCB84.root; Permission denied 120125 19:41:19 3567 XrootdXeq: matevz.3965:21@desire disc 0:00:00 b) redirector 120125 19:41:20 4028 XrootdXeq: 21.3567:[log in to unmask] disc 0:00:01 So, all I see on the manager/redirector is a disconnect :) In any case, even if I configure authentication on the proxy, how will this get propagated to the redirector? And anyway ... why would the redirector trust my proxy? Best, Matevz ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1