This patch re-organizes how proxy delegation is handled and controlled in GSI, and it adds the possibility to save the proxy in Entity.creds .
On the server side, the two switches controlling delegation have been 'cleaned': the first switch enables or disables delegation, the second determines where the delegated proxy will be saved. The new meanings are:
-dlgpxy:0 no delegated proxy [default]
1 ask the client to sign a delegated proxy request
-exppxy:none delegated proxy available in memory (via a server calle to getCredentials)
:=creds delegated proxy available in Entity.creds
:<file_template> delegated proxy available in the indicated file which can include the
following customization tags: <host>, <vo>, <group>, <user>, <rtag>; e.g.
/tmp/x509up_u<user>_<rtag> .
(rtag is a 6 hex chars random string).
On the client, the env XrdSecGSISIGNPROXY is used to enable or deny proxy signature; default is 1, that is enabled. The env XrdSecGSIDELEGPROXY is used to determine the time of delegated proxy: 1 means standard delegated proxy, i.e. a proxy signed by the initial proxy (proxy request created by teh server); 2 means forwarding of the initial proxy.
You can view, comment on, or merge this pull request online at:
https://github.com/xrootd/xrootd/pull/749
Commit Summary
- secgsi: add option to save delegated proxies as credentials
- secgsi: improve notifications for delegated proxy
- secgsi: change server default for delegated proxy
- secgsi: review delegated proxy options for servers
- sutresolve: add support for a random tag
- secgsi: change default and fix comments
File Changes
Patch Links:
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.
{"@context":"http://schema.org","@type":"EmailMessage","potentialAction":{"@type":"ViewAction","target":"https://github.com/xrootd/xrootd/pull/749","url":"https://github.com/xrootd/xrootd/pull/749","name":"View Pull Request"},"description":"View this Pull Request on GitHub","publisher":{"@type":"Organization","name":"GitHub","url":"https://github.com"}}
{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/xrootd/xrootd","title":"xrootd/xrootd","subtitle":"GitHub repository","main_image_url":"https://assets-cdn.github.com/images/email/message_cards/header.png","avatar_image_url":"https://assets-cdn.github.com/images/email/message_cards/avatar.png","action":{"name":"Open in GitHub","url":"https://github.com/xrootd/xrootd"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"Restructure GSI proxy delegation options (#749)"}],"action":{"name":"View Pull Request","url":"https://github.com/xrootd/xrootd/pull/749"}}}
{
"@type": "MessageCard",
"@context": "http://schema.org/extensions",
"hideOriginalBody": "false",
"originator": "AF6C5A86-E920-430C-9C59-A73278B5EFEB",
"title": "Restructure GSI proxy delegation options (#749)",
"sections": [
{
"text": "",
"activityTitle": "**Gerardo GANIS**",
"activityImage": "https://assets-cdn.github.com/images/email/message_cards/avatar.png",
"activitySubtitle": "@gganis",
"facts": [
]
},
{
"title": "Commit Summary",
"facts": [
{
"name": "5ad04a3",
"value": "secgsi: add option to save delegated proxies as credentials"
},
{
"name": "f223743",
"value": "secgsi: improve notifications for delegated proxy"
},
{
"name": "e7feb10",
"value": "secgsi: change server default for delegated proxy"
},
{
"name": "9950520",
"value": "secgsi: review delegated proxy options for servers"
},
{
"name": "d45429a",
"value": "sutresolve: add support for a random tag"
},
{
"name": "5d29729",
"value": "secgsi: change default and fix comments"
}
]
},
{
"title": "File Changes",
"facts": [
{
"name": "Modified",
"value": "[src/XrdSecgsi/XrdSecProtocolgsi.cc](https://github.com/xrootd/xrootd/pull/749/files#diff-0) (74 changes)"
},
{
"name": "Modified",
"value": "[src/XrdSecgsi/XrdSecProtocolgsi.hh](https://github.com/xrootd/xrootd/pull/749/files#diff-1) (13 changes)"
},
{
"name": "Modified",
"value": "[src/XrdSut/XrdSutAux.cc](https://github.com/xrootd/xrootd/pull/749/files#diff-2) (8 changes)"
}
]
}
],
"potentialAction": [
{
"name": "Add a comment",
"@type": "ActionCard",
"inputs": [
{
"isMultiLine": true,
"@type": "TextInput",
"id": "IssueComment",
"isRequired": false
}
],
"actions": [
{
"name": "Comment",
"@type": "HttpPOST",
"target": "https://api.github.com",
"body": "{\n\"commandName\": \"IssueComment\",\n\"repositoryFullName\": \"xrootd/xrootd\",\n\"issueId\": 749,\n\"IssueComment\": \"{{IssueComment.value}}\"\n}"
}
]
},
{
"name": "Close pull request",
"@type": "HttpPOST",
"target": "https://api.github.com",
"body": "{\n\"commandName\": \"PullRequestClose\",\n\"repositoryFullName\": \"xrootd/xrootd\",\n\"pullRequestId\": 749\n}"
},
{
"targets": [
{
"os": "default",
"uri": "https://github.com/xrootd/xrootd/pull/749"
}
],
"@type": "OpenUri",
"name": "View on GitHub"
},
{
"targets": [
{
"os": "default",
"uri": "https://github.com/xrootd/xrootd/pull/749.patch"
}
],
"@type": "OpenUri",
"name": "View patch"
},
{
"targets": [
{
"os": "default",
"uri": "https://github.com/xrootd/xrootd/pull/749.diff"
}
],
"@type": "OpenUri",
"name": "View diff"
},
{
"name": "Unsubscribe",
"@type": "HttpPOST",
"target": "https://api.github.com",
"body": "{\n\"commandName\": \"MuteNotification\",\n\"threadId\": 347377793\n}"
}
],
"themeColor": "26292E"
}
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1