I have a PSS service configured in front of an EOS instance but any HTTP TPC transfer fails since the PSS proxy is contacting the backend storage as the user under which the service runs (in this case daemon).

Is there any way to forward the identity of the client when doing HTTP TPC request through a PSS service? Do you have any example of such a working setup?

Thanks!

Just for reference here is the configuration file of the PSS serivice:

ofs.osslib  libXrdPss.so
ofs.ckslib  * libXrdPss.so
xrootd.chksum  adler32
xrootd.seclib  libXrdSec.so
pss.origin  eospps.cern.ch:1094
all.export  /eos/
all.adminpath  /var/spool/xrootd
all.pidpath  /var/run/xrootd
sec.protocol  gsi -dlgpxy:1 -exppxy:=creds -crl:1 -moninfo:1 -cert:/etc/grid-security/daemon/gridftp-cert.pem -key:/etc/grid-security/daemon/gridftp-key.pem -gridmap:/etc/grid-security/grid-mapfile -d:1 -gmapopt:2 
sec.protbind  * gsi
ofs.tpc  autorm fcreds gsi =X509_USER_PROXY ttl 60 60 xfr 9 pgm /usr/local/bin/xrootd-third-party-copy.sh

if exec xrootd
  all.sitename eospps
  xrd.protocol http:1094 /usr/lib64/libXrdHttp-4.so
  http.cadir /etc/grid-security/certificates/
  http.cert /etc/grid-security/daemon/gridftp-cert.pem
  http.key /etc/grid-security/daemon/gridftp-key.pem
  http.gridmap /etc/grid-security/grid-mapfile
  http.exthandler xrdtpc libXrdHttpTPC.so
  http.exthandler xrdmacaroons libXrdMacaroons.so
  http.desthttps yes
  #http.trace all
  http.secxtractor libXrdHttpVOMS-4.so
  macaroons.secretkey /etc/xrootd/macaroon-secret
  macaroons.onmissing allow
  macaroons.trace all
  ofs.authlib libXrdMacaroons.so
  #http.listingdeny yes
  #http.staticpreload http://static/robots.txt /etc/xrootd/robots.txt  
  #http.header2cgi Authorization authz
fi

continue  /etc/xrootd/config.d/

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.

[ { "@context": "http://schema.org", "@type": "EmailMessage", "potentialAction": { "@type": "ViewAction", "target": "https://github.com/xrootd/xrootd/issues/1085?email_source=notifications\u0026email_token=AA7NRDQGHAWTS2RJYI4XCMLQUU7TBA5CNFSM4JPTEBHKYY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4H2XNWXA", "url": "https://github.com/xrootd/xrootd/issues/1085?email_source=notifications\u0026email_token=AA7NRDQGHAWTS2RJYI4XCMLQUU7TBA5CNFSM4JPTEBHKYY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4H2XNWXA", "name": "View Issue" }, "description": "View this Issue on GitHub", "publisher": { "@type": "Organization", "name": "GitHub", "url": "https://github.com" } } ]

Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1