Hi,

I've installed a small grid setup using MyProxy, HTCondor and XRootD. My MyProxy server uses a LDAP database to generate user proxies "on the fly". By "on the fly" I mean, that I've disabled the MyProxy feature to accept/store actual certificates. So the idea is that users are supposed to run "myproxy-logon" (and enter their LDAP password) in order to retrieve a temporary proxy which then can be used to authenticate against XRootD or HTCondor.

This setup works for HTCondor. For instance, I can use my temporary proxy to check the job queue or submit a job. But XRootD authentication doesn't work for some reason. When I try to copy a file to my XRootD server, xrdcp fails (complaining about not being able to access ~/.globus/userkey.pem). So my first question would be: Why wouldn't the XRootD client simply fall back to using X509_USER_PROXY if ~/.globus/userkey.pem doesn't exist?

Also I've discovered that this setup actually does work if I modify the default path to userkey.pem in such a way that it points to my temporary proxy location (X509_USER_PROXY):

  export XrdSecGSIUSERKEY=/tmp/x509up_u$UID
  export XrdSecGSIUSERPROXY=/tmp/x509up_u$UID

This leads me to my second question: Would this be "the way to go"?

Best,
Lukas