LISTSERV 16.5 - XROOTD-DEV Archives

Hi Andy,

 I agree on being careful and asking others. At the same time
it seems to me that the main consumer of that field is the default
Acc plugin. Which format does it expect for the "group" field ?

 - comma-separated list of groups or just one?
 - should they start with a slash (why?!?!) as I see in the example
   configs?

As I said, we can publish a fix to epel pretty quickly, and I would like it to be
the right thing :-)

Cheers
Fabrizio



On 08/21/2017 10:23 AM, xrootd-dev wrote:
> Hi Fabrizio,
> 
> My first take is that the group field should be populated; it's part of
> the x509 cert. I'd like to say that it should be populated just the same
> way as the VOMS plugin does. I say "like" because I'm not convinced that
> the VOMS plugin actually does it the right way (hence your question about
> the slash). So, let's see what other people say before we change
> anything. Mind you we do have compatability issues here but it would be
> good to hear from others anyway.
> 
> Andy
> 
> On Mon, 21 Aug 2017, Fabrizio Furano wrote:
> 
>> Hi,
>>
>> well, if you think that xrdhttpvoms should populate one more
>> field (group) we can do it and publish pretty quickly to epel.
>>
>> How should it be populated ? Shall the group names start with
>> a slash ?
>>
>> Cheers
>> Fabrizio
>>
>>
>>
>> On 08/20/2017 09:50 PM, xrootd-dev wrote:
>>> It would appear that the voms plugin used by xrootd authentication
>>> populates te group field while the HTTP one does not (or populates it in a
>>> different way). This I deduce because you said:
>>>
>>> g /atlas /beegfs/grid/atlas/atlaslocalgroupdisk
>>> ```
>>> Changing that to:
>>> ```
>>> u * /beegfs/grid/atlas/atlaslocalgroupdisk
>>> ```
>>> let's things work fine, but of course I do not want that.
>>>
>>> The authentication rule works perfectly fine via the xrootd protocol.
>>>
>>> So, the question is why is this he case?
>>>
>>> Yes, to switch to using o and r as well as composite rules (i.e. ones that
>>> "and" o and r, among others), will be available in 4.7.0.
>>>
>>> Andy
>>>
>>> On Sun, 20 Aug 2017, olifre wrote:
>>>
>>>>> LCMAPS provides the username mapping and extraction, then maps VOMS groups to the Xrootd group names.
>>>>
>>>> This sounds like a nice alternative! I looked at `xrdhttpvoms` since it seemed to be more lightweight.
>>>>
>>>> I'll have a look after my holidays are over - unless xrootd 4.7 comes out in the meanwhile and let's `xrdhttpvoms` magically
>>> work when using `o` ;-).
>>>>
>>>> --
>>>> You are receiving this because you are subscribed to this thread.
>>>> Reply to this email directly or view it on GitHub:
>>>> https://github.com/xrootd/xrootd/issues/566#issuecomment-323602010
>>>>
>>>> ########################################################################
>>>> Use REPLY-ALL to reply to list
>>>>
>>>> To unsubscribe from the XROOTD-DEV list, click the following link:
>>>> https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1
>>>
>>> ÿÿ
>>> You are receiving this because you were mentioned.
>>> Reply to this email directly, view it on GitHub <https://github.com/xrootd/xrootd/issues/566#issuecomment-323607626>, or mute
>>> the thread <https://github.com/notifications/unsubscribe-auth/AFIaTyvV234WQczGu3jLC_IrkOHA33bfks5saI4ggaJpZM4O7mEG>.
>>>
>>
>>
>> --
>> You are receiving this because you commented.
>> Reply to this email directly or view it on GitHub:
>> https://github.com/xrootd/xrootd/issues/566#issuecomment-323673009
>> ########################################################################
>> Use REPLY-ALL to reply to list
>>
>> To unsubscribe from the XROOTD-DEV list, click the following link:
>> https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1
>>
> 
> —
> You are receiving this because you were mentioned.
> Reply to this email directly, view it on GitHub <https://github.com/xrootd/xrootd/issues/566#issuecomment-323678995>, or mute
> the thread <https://github.com/notifications/unsubscribe-auth/AFIaT2o5bP6ZRRwXNsf0gWhQJkh5t3iIks5saT6UgaJpZM4O7mEG>.
> 


-- 
You are receiving this because you commented.
Reply to this email directly or view it on GitHub:
https://github.com/xrootd/xrootd/issues/566#issuecomment-323683599
########################################################################
Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1