Hi Wei,
> The way it works in xrootd and others is that the applications will check X509_USER_PROXY. Failing that, check /tmp/x509up_u$(id -u.
Is there a way to determine why Xrootd fails using X509_USER_PROXY? Even on the highest debug level I do not see anything indicating that Xrootd even attempts to access that file. I can unset the environment variable X509_USER_PROXY or delete the corresponding file, the behavior is always the same.
> It will never use ~/.globus/userkey.pem alone since that file has only private key.
That's true but it is irrelevant to my setup because I don't have neither userkey.pem nor usercert.pem, I only use X509_USER_PROXY.
> Giving the way you use MyProxy, I suppose you also have its own CA? Assuming that the Xrootd have access to the CA, it should grant you access base on the X509 proxy you obtain
from the MyProxy.
Yes, I have an own CA. But what do you mean by "Xrootd have access to the CA"? Are you speaking about Xrootd TRUSTING the CA? There is no direct communication between Xrootd and MyProxy from what I understand...
Best,
Lukas
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-L list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1