 |
 |
Hello, I was trying to configure xrootd to use gsi authentication both on server (4.8.2-1) and client (4.8.2-2) side but I found out that definition of non default dirs for host cert/key doesn't seem, I mean I could restart xrootd but there was a warning in the xrootd.log (Note: xrootd is invoked by the CASTOR system) 180626 10:59:58 5740 secgsi_Init: WARNING: process has no permission to read the certificate key file: /etc/grid -security/xrd/xrdkey.pem 180626 10:59:58 5740 secgsi_GetSrvCertEnt: failed to load certificate from files (/etc/grid-security/xrd/xrdcert .pem,/etc/grid-security/xrd/xrdkey.pem) The relevant lines in my xrootd config were #------------------------------------------------------------------------------- xrootd.seclib /usr/lib64/libXrdSec.so # UNIX authentication sec.protocol /usr/lib64/ gsi # GSI authentication sec.protocol gsi -crl:3 -cert:/etc/grid-security/xroot_certs/hostcert.pem -key:/etc/grid-security/xroot_certs/hostkey.pem -gridmap:/etc/grid-security/grid-mapfile -gmapopt:2 -gmapto:3600 -d:0 # Configure gsi+krb5 as the default (CERN special, I think) #sec.protbind * only krb5 gsi sec.protbind * only gsi Is this a bug or is it something I do wrong? Many thanks in advance. George -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/issues/756 ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1