Print

Print


Hi Diego,

We totally agree and that was on our development plan. However, there is 
now a big push to get rid of x509 and that caused that item on the list to 
sink pretty far down until we get a good feel on how likely that will be. 
Also, not all certs are forwardable (though I understand that the current 
way of getting a proxy cert also makes it forwardable but that is not 
gauranteed). So, yes, it would be nice to do that but other developments 
are getting in the way.

Andy

On Fri, 16 Feb 2018, Diego Ciangottini wrote:

> Hi,
>
> I'm testing an automatic deployment of a cluster of xrootd proxies working
> on file cache mode.
> I noticed that a proxy server needs its own certificates to authenticate
> with the storage backend regardless the user proxy used by the client that
> made the request.
> On the other hand, a forwarding of the user credentials through the proxy
> would make life easier for our deployment and, I think, more in general for
> an "opportunistic" use of such a cluster.
>
> Said that, I'm wondering what are the reasons that led to the exclusion of
> such a mechanism and if it would be possible to include that in the future.
>
> Cheers,
> Diego
>
> ########################################################################
> Use REPLY-ALL to reply to list
>
> To unsubscribe from the XROOTD-L list, click the following link:
> https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1
>

########################################################################
Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-L list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1