Hi Andy,

I see your point. The reason for the original ticket was the confusion around client keytab files. Clients could be given multi-entry keytab files and you had to know that the last entry won. Now that I have experience with XRootD I see that it was wrong for us to be giving clients multi-entry keytabs. You can drop the feature if you like. I am now wiser when I encounter a multi-entry keytab file. My first reaction will be to ask the person responsible for the file to reduce it to just one entry, otherwise I'll know that the last entry wins.

Cheers,

Steve

> On 14 Apr 2020, at 09:34, xrootd-dev <[log in to unmask]> wrote:
> 
> 
> Hi Steven,
> 
> Not so fast! We now have the capability to select a particular key 
> client-side. That of course would be done via an envar setting. The 
> question is do you really need to do that. I really don't want to throw 
> exceptions plus it is very difficult to figure out if there is more than one 
> keyname in the file (we generally recommend against that). So, the 
> question remains, do you really want this feature?
> 
> Andy
> 
> 
> On Tue, 14 Apr 2020, murrayc3 wrote:
> 
> > Hi Andy,
> >
> > It's OK. You could throw an error if there is more than one entry in the keytab of a client. I understand that you simply need to know that there should only be one entry in a client keytab and that if there are many then one will be chosen for you which you should avoid.
> >
> > Cheers,
> >
> > Steve
> >
> >> On 11 Apr 2020, at 07:12, Andrew Hanushevsky <[log in to unmask]> wrote:
> >>
> >>
> >> Just touching back on whether this is needed. In R5, the client reports which keyname it is using so that the right key can be extracted from a composite keytab. Generally, we advise allowing client to access a keytab that is being used by different clients. So, generally, the client's keytab would have a single keyname. Just want to be sure that given the change in R5 this is still relevant.
> >>
> >> You are receiving this because you authored the thread.
> >> Reply to this email directly, view it on GitHub <https://github.com/xrootd/xrootd/issues/591#issuecomment-612330563>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AD2NLSBKN4GFUNAC7UROKRLRL7333ANCNFSM4D4RJ7IA>.
> >>
> >
> >
> >
> > ########################################################################
> > Use REPLY-ALL to reply to list
> >
> > To unsubscribe from the XROOTD-DEV list, click the following link:
> > https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1
> >
> 


