Hi @abh3 -

Thought a bit more on the idea of XrdProtocolAnon over the weekend. The primary problem I see is the lack of compatibility for older clients -- the whole reason I delved into this proposed "anonymous mode" over the weekend was I have a use case where:

  1. The network is secure (no MiTM).
  2. I want to support users with a variety of old CMSSW versions.

I still like the idea of having a separate token authentication protocol - but that's a touch more work (and will require a new client).

So, I see two potential routes here:

  1. We go forward with this new flag for the existing XrdSecunix plugin.
  2. We implement an XrdSecAnon plugin that advertises itself at the wire protocol level as unix. One keeps compatibility with old releases but the local site admin has to very explicitly load it (can't operate in this mode by accident -- although I would guess the sec.protocol unix anonymous in the existing patch is pretty explicit...)

