
Hi,

>
>
> Tied to the problem below.  Without libXrdHttpVOMS proxy certs aren't understood by the https code.  The intention of the
> question was to verify that configuring the gsi security module in xrootd would have no effect on the https authentication.
>

  Ah, I see. I confirm, configuring XrdSecgsi has no effect on the https auth.

>>
>>   It already supports grid proxy certs, you have to use the VOMS extractor lib.
>>   It could also be that your capath was not configured properly,
>> or that that directory misses the needed CA certificate.
>>
>
> The same cert works through a browser and the certs/ca/crl infrastructure works fine for other grid services.  I would be
> interested in testing with the VOMS library, can you give me a pointer to where I can get a precompiled version?
> I am running with xrootd4-4.0.3-1.slc6.x86_64.
>
> Is there any documentation on any options/parameters to the module?

  There are no additional parameters. If you have hostcert, hostkey and cadir it's already ok.

>
>
> Do you know if there is any functionality to limit particular HTTP methods (DEL, MKCOL, COPY, MOVE) to particular VOMS attributes?
>

  XrdHttp does only authentication, while authorization is delegated to the rest of the xrootd framework.
  The sense of XrdHttp is that it uses gsi/voms to fill the internal
authentication data structure, which then is passed normally to the xrootd
framework to fulfil the data requests.
  To limit access based on auth you have to use an XrdAcc plugin, like for normal xrootd protocol access.

  Beware, authorization may not work as expected until the pull request that
gives the username mapping functionality is inserted.

  You can get the libXrdHTTPVOMS from here:

/afs/cern.ch/project/gd/www/dms/lcgdm/repos/el6/x86_64/xrdhttpvoms-0.1.0-1.20141020.0957.el6.x86_64.rpm

  This has been compiled with the xrootd trunk version marked as 20140918.cf01cb4-1, which is
the last one we compiled the trunk of dpm-xrootd with. It's available from the same repo.

  If you just want to use the YUM repo, it's here:
  http://svn.cern.ch/guest/lcgdm/extras/build/repos/lcgdm-cbuilds-el6.repo


  Please let me know how it goes.
  Fabrizio
