 |
 |
Dear XRootD experts, first, congratulations on the new major release! I'm already playing with it on a test machine. Migrating our configuration over, I found xrdhttpvoms (from EPEL) is incompatible with XRootD 5 (and in any case, not in EPEL 8). From the R5 Release Notes, I am unsure whether this library (i.e. the SecXtractor) is actually still needed, or the Voms library now handles both GSI, HTTP (and also the http.secxtractor)? But seeing it still mentioned in this example: https://github.com/xrootd/xrootd/blob/master/src/XrdHttp/xrootd-http.cf makes me unsure whether this library is really obsolete. I'm asking since just dropping the http.secxtractor configuration seems to make authentication fail for me, so either I need to delve a bit deeper and debug this, or I am getting something wrong from the start ;-). In other words, I used this config part: ----------------------------- http.secxtractor /usr/lib64/libXrdHttpVOMS.so if exec xrootd xrd.protocol XrdHttp /usr/lib64/libXrdHttp.so fi sec.protocol /usr/lib64 gsi -dlgpxy:1 -exppxy:=creds -ca:1 -crl:3 -gridmap:/dev/null -cert:/etc/grid-security/hostcert.pem -key:/etc/grid-security/hostkey.pem -certdir:/etc/grid-security/certificates -vomsfun:/usr/lib64/libXrdVoms.so -vomsfunparms:certfmt=raw|grpopt=useall|vos=atlas,ops,dteam,wlcg|grps=/atlas,/atlas/de,/ops,/dteam,/wlcg|dbg ----------------------------- before, and wonder how to "migrate" to R5 (first getting things working before attacking new functionality such as TLS) :-). (of course, the config is longer and I also set a key, cert and CA-dir for HTTP) Cheers, Oliver -- Oliver Freyermuth Universität Bonn Physikalisches Institut, Raum 1.047 Nußallee 12 53115 Bonn -- Tel.: +49 228 73 2367 Fax: +49 228 73 7869 -- ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-L list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1