@abh3 Thanks, indeed I got the grpopt numbers flipped! Sorry for that.

However, I can also reproduce the problem with "12":

sec.protocol /usr/lib64 gsi -dlgpxy:1 -exppxy:=creds -ca:1 -crl:3 -gridmap:/dev/null -cert:/etc/grid-security/hostcert.pem -key:/etc/grid-security/hostkey.pem -certdir:/etc/grid-security/certificates -vomsfun:/usr/lib64/libXrdSecgsiVOMS.so -vomsfunparms:certfmt=raw|vos=atlas,ops,dteam,wlcg|grps=/atlas,/ops,/dteam,/wlcg|grpopt=12

(i.e. authentication for any but the first VO fails) vs.

sec.protocol /usr/lib64 gsi -dlgpxy:1 -exppxy:=creds -ca:1 -crl:3 -gridmap:/dev/null -cert:/etc/grid-security/hostcert.pem -key:/etc/grid-security/hostkey.pem -certdir:/etc/grid-security/certificates -vomsfun:/usr/lib64/libXrdSecgsiVOMS.so -vomsfunparms:certfmt=raw|grpopt=12|vos=atlas,ops,dteam,wlcg|grps=/atlas,/ops,/dteam,/wlcg

which works fine.

Interestingly, it also fails if I completely remove grpopt. My understanding of the code / documentation was that 12 is the setting which will automatically be used if grps is set.
I'm using xrootd 4.12.1 (with xrootd-voms 4.12.1).

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.

[ { "@context": "http://schema.org", "@type": "EmailMessage", "potentialAction": { "@type": "ViewAction", "target": "https://github.com/xrootd/xrootd/issues/1196#issuecomment-630036601", "url": "https://github.com/xrootd/xrootd/issues/1196#issuecomment-630036601", "name": "View Issue" }, "description": "View this Issue on GitHub", "publisher": { "@type": "Organization", "name": "GitHub", "url": "https://github.com" } } ]

Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1