The GSI authorization configuration is a beast. Here's a current snippet I use:
```
sec.protocol /usr/lib64 gsi \
-certdir:/etc/grid-security/certificates \
-cert:/etc/grid-security/xrd/xrdcert.pem \
-key:/etc/grid-security/xrd/xrdkey.pem \
-crl:1 \
-authzfun:libXrdLcmaps.so \
-authzfunparms:--lcmapscfg,/etc/xrootd/lcmaps.cfg,--no-authz \
-gmapopt:0 \
-authzto:3600
```
There are 8 configuration flags passed to the protocol, including 3 sub-configs passed to the plugin.
Seems it would be much better if we could pass these as separate configuration directives. This would allow us to cleanly override defaults via the new `continue` directive via drop-in config files.
Further, it'd greatly simplify the authorization function plugins if they could access the whole configuration instead of forcing us to squash all configuration into the value passed to `authzfunparms`.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/xrootd/xrootd/issues/903
########################################################################
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1
