This patch re-organizes how proxy delegation is handled and controlled in GSI, and it adds the possibility to save the proxy in Entity.creds.

On the server side, the two switches controlling delegation have been 'cleaned': the first switch enables or disables delegation, the second determines where the delegated proxy will be saved. The new meanings are:
    -dlgpxy:0                  no delegated proxy [default]
            1                  ask the client to sign a delegated proxy request

    -exppxy:none               delegated proxy available in memory (via a server call to getCredentials)
           :=creds             delegated proxy available in Entity.creds
           :<file_template>    delegated proxy available in the indicated file, which can include the
                               following customization tags: <host>, <vo>, <group>, <user>, <rtag>; e.g.
                               /tmp/x509up_u<user>_<rtag> .

(rtag is a 6 hex chars random string).

On the client, the env XrdSecGSISIGNPROXY is used to enable or deny proxy signature; default is 1, that is enabled. The env XrdSecGSIDELEGPROXY is used to determine the type of delegated proxy: 1 means standard delegated proxy, i.e. a proxy signed by the initial proxy (proxy request created by the server); 2 means forwarding of the initial proxy.

You can view, comment on, or merge this pull request online at:

  https://github.com/xrootd/xrootd/pull/749

-- Commit Summary --

  * secgsi: add option to save delegated proxies as credentials
  * secgsi: improve notifications for delegated proxy
  * secgsi: change server default for delegated proxy
  * secgsi: review delegated proxy options for servers
  * sutresolve: add support for a random tag
  * secgsi: change default and fix comments

-- File Changes --

    M src/XrdSecgsi/XrdSecProtocolgsi.cc (74)
    M src/XrdSecgsi/XrdSecProtocolgsi.hh (13)
    M src/XrdSut/XrdSutAux.cc (8)

-- Patch Links --

https://github.com/xrootd/xrootd/pull/749.patch
https://github.com/xrootd/xrootd/pull/749.diff
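
Added example, not code from this pull request or from XRootD: a sketch of how a -exppxy file template such as /tmp/x509up_u<user>_<rtag> can be expanded and the resulting proxy file created safely. The function names (makeRtag, expandTemplate, writeProxy), the value checks and the sample identity are assumptions made for illustration; only the tag names and the 6-hex-character rtag come from the description above.

```cpp
#include <fcntl.h>
#include <unistd.h>
#include <iostream>
#include <map>
#include <random>
#include <stdexcept>
#include <string>

// Hypothetical helper, not XRootD code: 6 random hex characters for <rtag>.
std::string makeRtag() {
    static const char hex[] = "0123456789abcdef";
    std::random_device rd;
    unsigned int v = rd();
    std::string tag;
    for (int i = 0; i < 6; ++i, v >>= 4) tag += hex[v & 0xf];
    return tag;
}

// Substitute <tag> placeholders. Values derive from the client identity,
// so refuse any that could redirect the path or smuggle in another tag.
std::string expandTemplate(std::string path,
                           const std::map<std::string, std::string>& vals) {
    for (const auto& kv : vals) {
        const std::string& val = kv.second;
        if (val.empty() || val == ".." || val.find_first_of("/<>") != std::string::npos)
            throw std::invalid_argument("unsafe value for <" + kv.first + ">");
        const std::string tag = "<" + kv.first + ">";
        for (size_t pos = 0; (pos = path.find(tag, pos)) != std::string::npos; pos += val.size())
            path.replace(pos, tag.size(), val);
    }
    if (path.find('<') != std::string::npos)
        throw std::invalid_argument("unresolved tag in " + path);
    return path;
}

// Create the file exclusively, owner-only, refusing to follow a symlink.
int writeProxy(const std::string& path, const std::string& pem) {
    int fd = open(path.c_str(), O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, pem.data(), pem.size());
    close(fd);
    if (n != static_cast<ssize_t>(pem.size())) { unlink(path.c_str()); return -1; }
    return 0;
}

int main() {
    // Constructed sample values; the template is the one quoted in the message.
    std::cout << expandTemplate("/tmp/x509up_u<user>_<rtag>",
                                {{"user", "alice"}, {"rtag", makeRtag()}}) << "\n";
}
```

The exclusive, no-follow create matters because the example template points into /tmp, where another local user could pre-create the target name as a file or symlink.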
