Hello,
What is necessary in order to get the 4.9 xrdcp client to sign proxy requests besides setting the env variable?
I cannot find anything in the documentation that describes this (your GSI document merely mentions the kgsiHandshakeOpts enum that is used internally).
I have looked at
XrdSecprotocolgsi.cc
With respect to the client, here is what I see.
Your extern C initializing function, char *XrdSecProtocolgsiInit, at l. 2557 does:
cenv = getenv("XrdSecGSIDELEGPROXY");
if (cenv)
opts.dlgpxy = atoi(cenv);
this function does a tail call on the C++ initializer: char *XrdSecProtocolgsi::Init(gsiOptions opt, XrdOucErrInfo *erp)
which in turn, at l. 989, sets up the options for the client:
// Delegate proxy options
if (opt.dlgpxy > 0) {
PxyReqOpts |= kOptsSigReq;
if (opt.dlgpxy == 2) {
PxyReqOpts |= kOptsFwdPxy;
} else {
PxyReqOpts |= kOptsDlgPxy;
}
}
So, from the looks of it, all it should take to get the client to sign delegation requests is to set the env var XrdSecGSIDELEGPROXY to 1.
The script I am using to run the 4.9 client has this:
#!/bin/bash
export LD_LIBRARY_PATH="/usr/share/xrootd/xrootd-4.9.0/lib64:$LD_LIBRARY_PATH"
export XrdSecGSIDELEGPROXY=1
/usr/share/xrootd/xrootd-4.9.0/bin/xrdcp $@
and yet, the dCache server/door tells me on the sigpxy step that it has received a kXRS_message bucket with the following:
"client cannot sign request; Not allowed to sign proxy requests."
Is there something else that needs to be done in order to get the client to sign proxy requests?
Thanks, Al
________________________________________________
Albert L. Rossi
Application Developer & Systems Analyst III
Scientific Computing Division, Data Movement Development
FCC 229A
Mail Station 369 (FCC 2W)
Fermi National Accelerator Laboratory
Batavia, IL 60510
(630) 840-3023
########################################################################
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-L list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1
