Why precisely does GSI authentication require a client certificate? There's no underlying technical reason - it's just that the current implementation requires it. Indeed - unauthenticated clients should proceed to the authorization stage just like they do elsewhere. If they are unauthenticated and have an authorized token for a TPC, then they should indeed be authorized. That's the whole point of a bearer token. FWIW - FTS-based transfers work regardless of #691 and we are indeed using them for WLCG replication. I would hardly say that the presence of a technical bug (which should be followed up and fixed, of course) in the handling of a Nagios test makes any implications about "suitability". It just means there's continued room for improvement. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/issues/694#issuecomment-390767349 ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1