Well, the short answer is yes, it is possible, but then you have a server
where anyone can actually come in without authentication because I can
easily set up a client that bypasses GSI. What you're banking on is that if
someone does bypass strong authentication you will *always* catch it because
they wouldn't have the correct authorization token. We haven't certified that
this is the case, so in effect you're allowing anonymous logins. Yes, I am
not a proponent of that scheme for obvious security implications.

That said, you can do that by adding some useless authentication scheme in
addition to GSI (e.g. unix authentication). In this case, define GSI
first, then unix second. If GSI fails, the client will try unix, which
always succeeds.

Andy

On Mon, 4 May 2020, Derek Weitzel wrote:

> Ah, I think I used the wrong words. My goal is to have a server that will use GSI or Tokens to retrieve data. Is there a way for an xrootd server to accept a non-GSI authentication (no authentication), then use tokens for authorization? While at the same time, also allowing connections with GSI authentication and authorization?

