> Simply establish a GSI connection but consider the client side unauthenticated?

I'm not sure I understand the suggestion - this ticket has been about xrdcp executed on a server after being told by a client to perform a third-party-copy. 
If the server has a robot cert, everything already works fine. My initial question was whether things can work without a robot cert (and then, naturally, GSI cannot be used), since the tpc key is available. However, the tpc key only grants authorization after an initial authentication.
The two solutions to get servers authenticated to other servers using GSI are:
- Get a robot cert, so the server can do GSI. That works fine. 
- Implement proxy delegation. This is under way. 

What exactly is your proposal? 
To allow unauthorized clients to proceed to the authorization stage? 
My expectation is that this is unsafe, since unix auth is also regarded as unsafe.

On a side note, xrootd's HTTP implementation is still not suitable for WLCG, e.g. due to https://github.com/xrootd/xrootd/issues/691, so it's not useful for WLCG replication anyways right now.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/xrootd/xrootd/issues/694#issuecomment-390500272
