@alrossi I asked on the DDM list to try to learn about a best practice - I think this xrootd bugtracker is the wrong place, since it's only for development of xrootd, not the application in WLCG.
However, what I learned was not really helpful: I did not get indications of any best practice... 
Finally, I decided to request a robot / service certificate for our xrootd servers from GridKa, register it with VOMS, and have our servers use it. 
Like this, our servers can authenticate with GSI and TPC will work fine. 

Other sites, in case they want to fetch data from us, naturally also need to authenticate with GSI, since we did not enable unsafe user auth. I asked on the DDM list whether this is a problem, but was not made aware that this could be an issue. 

In any case, another issue was that the ddmadmin-user of FTS did not authenticate via GSI, which also made transfers fail. I whitelisted the corresponding certificate explicitly in the Authfile for now and told the DDM list about that - again, no response yet. 

In summary, since service / robot certificates are also needed for xcache, I would expect this is the way to go. EOSATLAS, on the other hand, has user auth enabled. I asked them, and the reply I got was "that's expected, we need that for TPC". I asked back why they don't use a robot cert - no response. 

-- 
Reply to this email directly or view it on GitHub:
https://github.com/xrootd/xrootd/issues/694#issuecomment-389643986