Hello, What is necessary in order to get the 4.9 xrdcp client to sign proxy requests besides setting the env variable? I cannot find anything in the documentation that describes this (your GSI document merely mentions the kgsiHandshakeOpts enum that is used internally). I have looked at XrdSecprotocolgsi.cc With respect to the client, here is what I see. Your extern C initializing function, char *XrdSecProtocolgsiInit, at l. 2557 does: cenv = getenv("XrdSecGSIDELEGPROXY"); if (cenv) opts.dlgpxy = atoi(cenv); this function does a tail call on the C++ initializer: char *XrdSecProtocolgsi::Init(gsiOptions opt, XrdOucErrInfo *erp) which in turn, at l. 989, sets up the options for the client: // Delegate proxy options if (opt.dlgpxy > 0) { PxyReqOpts |= kOptsSigReq; if (opt.dlgpxy == 2) { PxyReqOpts |= kOptsFwdPxy; } else { PxyReqOpts |= kOptsDlgPxy; } } So, from the looks of it, all it should take to get the client to sign delegation requests is to set the env var XrdSecGSIDELEGPROXY to 1. The script I am using to run the 4.9 client has this: #!/bin/bash export LD_LIBRARY_PATH="/usr/share/xrootd/xrootd-4.9.0/lib64:$LD_LIBRARY_PATH" export XrdSecGSIDELEGPROXY=1 /usr/share/xrootd/xrootd-4.9.0/bin/xrdcp $@ and yet, the dCache server/door tells me on the sigpxy step that it has received a kXRS_message bucket with the following: "client cannot sign request; Not allowed to sign proxy requests." Is there something else that needs to be done in order to get the client to sign proxy requests? Thanks, Al ________________________________________________ Albert L. Rossi Application Developer & Systems Analyst III Scientific Computing Division, Data Movement Development FCC 229A Mail Station 369 (FCC 2W) Fermi National Accelerator Laboratory Batavia, IL 60510 (630) 840-3023 ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-L list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1