Hi,
I've installed a small grid setup using MyProxy, HTCondor and XRootD. My MyProxy server uses a LDAP database to generate user proxies "on the fly". By "on the fly" I mean, that I've disabled the MyProxy feature to accept/store actual certificates. So the idea
is that users are supposed to run "myproxy-logon" (and enter their LDAP password) in order to retrieve a temporary proxy which then can be used to authenticate against XRootD or HTCondor.
This setup works for HTCondor. For instance, I can use my temporary proxy to check the job queue or submit a job. But XRootD authentication doesn't work for some reason. When I try to copy a file to my XRootD server, xrdcp fails (complaining about not being
able to access ~/.globus/userkey.pem). So my first question would be: Why wouldn't the XRootD client simply fall back to using X509_USER_PROXY if ~/.globus/userkey.pem doesn't exist?
Also I've discovered that this setup actually does work if I modify the default path to userkey.pem in such a way that it points to my temporary proxy location (X509_USER_PROXY):
export XrdSecGSIUSERKEY=/tmp/x509up_u$UID
export XrdSecGSIUSERPROXY=/tmp/x509up_u$UID
This leads me to my second question: Would this be "the way to go"?
Best,
Lukas
--
Lukas Koschmieder
Steel Institute IEHK
RWTH Aachen University
Intzestraße 1
52072 Aachen
Germany
Tel: +49 (0)241 80 95823
Fax: +49 (0)241 80 92253
[log in to unmask]