The way to properly handle this is to actually reverse the calls. If the VOMS extract (called first) fails and there is a gridmap plugin then you can proceed. If there is none then you fail. If gridmap exists then you must expect the gridmap plugin to succeed and it does not then you fail. The idea is that is there has to be something that gives authorization information. Mind you, leaving authorization as the last protection wall is normally a bad idea if you can avoid it. Here, likely, you would want an "optional" option. That said, I hate that kind of thing because most sites don't know how to apply it and they just wind up compromising themselves.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.

[ { "@context": "http://schema.org", "@type": "EmailMessage", "potentialAction": { "@type": "ViewAction", "target": "https://github.com/xrootd/xrootd/issues/1236#issuecomment-652910740", "url": "https://github.com/xrootd/xrootd/issues/1236#issuecomment-652910740", "name": "View Issue" }, "description": "View this Issue on GitHub", "publisher": { "@type": "Organization", "name": "GitHub", "url": "https://github.com" } } ]

Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1