The GSI authorization configuration is a beast. Here's a current snippet I use:
sec.protocol /usr/lib64 gsi \
-certdir:/etc/grid-security/certificates \
-cert:/etc/grid-security/xrd/xrdcert.pem \
-key:/etc/grid-security/xrd/xrdkey.pem \
-crl:1 \
-authzfun:libXrdLcmaps.so \
-authzfunparms:--lcmapscfg,/etc/xrootd/lcmaps.cfg,--no-authz \
-gmapopt:0 \
-authzto:3600
There are 8 configuration flags passed to the protocol, including 3 sub-configs passed to the plugin.
Seems it would be much better if we could pass these as separate configuration directives. This would allow us to cleanly override defaults via the new continue
directive via drop-in config files.
Further, it'd greatly simplify the authorization function plugins if they could access the whole configuration instead of forcing us to squash all configuration into the value passed to authzfunparms
.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1