 |
 |
Hi Patrick, > > Is it true that the sec gsi module would not have any affect on the > authentication of the http calls? I don't understand this question. Could you please be more specific ? > > After configuring a basic test system, my first attempt at access using > a command line client failed and the xrootd log showed: > -Error with certificate at depth: 0 > issuer = /DC=com/DC=DigiCert-Grid/O=Open Science > Grid/OU=People/CN=Patrick McGuigan 55 > subject = /DC=com/DC=DigiCert-Grid/O=Open Science > Grid/OU=People/CN=Patrick McGuigan 55/CN=proxy > err 20:unable to get local issuer certificate > > > I am guessing that the HTTP interface does not understand grid proxy > certificates yet. Will this be added? It already supports grid proxy certs, you have to use the VOMS extractor lib. It could also be that your capath was not configured properly, or that that directory misses the needed CA certificate. > I see that the documentation for > v4.1 is showing support for grid mapfiles. Does this imply proxies will > be supported in that version? > Proxy support is already there. You can play with it in our test server: littlexrdhttp.cern.ch:1094 ---------------- here's an example with my ATLAS proxy $davix-get -k -E /tmp/x509up_u28317 https://littlexrdhttp.cern.ch:1094/ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" ... ... blah blah HTML stuff, and then the relevant part: <span id="requestby">Request by unnamed.73810:25@lxplus0027 (VO: atlas Role: /atlas/Role=NULL/Capability=NULL ) ( [::ffff:188.184.28.34]:41365 )</span></p> <p>Powered by XrdHTTP v20140918-cf01cb4 (CERN IT-SDC)</p> ---------------- Name translation has been added later, and it's independent from proxy support. The grid mapfile feature is still not yet in the main codebase AFAIK, I'm waiting as well for it to be kindly inserted. Time passes. > Will the libXrdHttpVOMS.so security extractor remain an independent > software relrease, or will this be merged into the Xrootd release? > Officially it will be put into the WLCG repo when there is an EPEL release of xrootd4. For having rpm pkgs that work with the current trunk releases, just let me know, you can get them from the DPM trunk repo. Cheers Fabrizio > Regards, > > Patrick > > ######################################################################## > Use REPLY-ALL to reply to list > > To unsubscribe from the XROOTD-L list, click the following link: > https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1 ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-L list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1