Sure Michal.
The case where you do not see the secLvl set in the protocol response is as follows:
Client: otfrid.fnal.gov xrdcp 4.10.0
Dest: dCache trunk/master, with signing level = 4 (but that doesn't matter here)
Src: xrootd 4.10 server with the sec level set as indicated (pedantic).
The third-party client in this case is the embedded dCache client.
The transfer uses --tpc delegation only.
The third-party client thus logs in to the xrootd source server using the delegated credential/gsi.
It is this third-party client which then does not sign the open request because it did not see secLvl > 0 in the protocol response from the source server.
When, however, I do:
Client: otfrid.fnal.gov xrdcp 4.10.0
Dest: dCache trunk/master, with signing level = 4 (but that doesn't matter here)
Src: dCache trunk/master, with signing level = 4
that is, a totally dCache-based transfer, the embedded client does sign the request because the dCache source does return the secLvl as = 4 in the protocol response.
HTH,
Al
Hi again,
If the ProtocolResponse is not the place to look for this information, where should the client go to find out about the security level?
Al
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-L list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1