I have a PSS service configured in front of an EOS instance but any HTTP TPC transfer fails since the PSS proxy is contacting the backend storage as the user under which the service runs (in this case daemon).
Is there any way to forward the identity of the client when doing an HTTP TPC request through a PSS service? Do you have any example of such a working setup?
Thanks!
Just for reference, here is the configuration file of the PSS service:
ofs.osslib libXrdPss.so
ofs.ckslib * libXrdPss.so
xrootd.chksum adler32
xrootd.seclib libXrdSec.so
pss.origin eospps.cern.ch:1094
all.export /eos/
all.adminpath /var/spool/xrootd
all.pidpath /var/run/xrootd
sec.protocol gsi -dlgpxy:1 -exppxy:=creds -crl:1 -moninfo:1 -cert:/etc/grid-security/daemon/gridftp-cert.pem -key:/etc/grid-security/daemon/gridftp-key.pem -gridmap:/etc/grid-security/grid-mapfile -d:1 -gmapopt:2
sec.protbind * gsi
ofs.tpc autorm fcreds gsi =X509_USER_PROXY ttl 60 60 xfr 9 pgm /usr/local/bin/xrootd-third-party-copy.sh
if exec xrootd
all.sitename eospps
xrd.protocol http:1094 /usr/lib64/libXrdHttp-4.so
http.cadir /etc/grid-security/certificates/
http.cert /etc/grid-security/daemon/gridftp-cert.pem
http.key /etc/grid-security/daemon/gridftp-key.pem
http.gridmap /etc/grid-security/grid-mapfile
http.exthandler xrdtpc libXrdHttpTPC.so
http.exthandler xrdmacaroons libXrdMacaroons.so
http.desthttps yes
#http.trace all
http.secxtractor libXrdHttpVOMS-4.so
macaroons.secretkey /etc/xrootd/macaroon-secret
macaroons.onmissing allow
macaroons.trace all
ofs.authlib libXrdMacaroons.so
#http.listingdeny yes
#http.staticpreload http://static/robots.txt /etc/xrootd/robots.txt
#http.header2cgi Authorization authz
fi
continue /etc/xrootd/config.d/