Hi Adrian, I think yes, it should work. Why don’t you give it a try? Cheers, Michal > On 24 Feb 2021, at 16:36, Adrian Sevcenco <[log in to unmask]> wrote: > > On 3/2/20 5:13 PM, Michal Kamil Simon wrote: >> Hi Adrian, > Hi Michal! > >> It is the server that tells the client which authentication protocol should be used, >> if you enable loging (e.g. XRD_LOGLEVEL=Dump) you will see in the logs something >> like: >> [Debug ][XRootDTransport ] [your-favourite-host:1094.0] Authentication is required: &P=*gsi*,v:10400,c:ssl,ca:5168735f.0|4339b4bc.0 >> in this example you can see that the server requested gsi authentication. It may >> also give the client a list of authentication protocols that are accepted by the server, >> in this cased they are tried in the order specified by the server. You can force the >> client to use authentication protocol by adding xrd.wantprot cgi element to your url, >> e.g. xrd.wantprot=sss. > so, i delayed this until i received too many emails that they have strange messages when the copy is from eos. > So, this is a tag that is added to the actual uri? > and the form is like "?xrd.wantprot=unix" ? > (as ALICE use tokenauthz envelopes) > > The question is, will this work with eos? will this be stripped correctly my mgm and then proceed forward with the new token for the fst? > > Thanks a lot! > Adrian > >> Hop[e this helps! >> Cheers, >> Michal >> ________________________________________ >> From: Adrian Sevcenco >> Sent: 28 February 2020 14:02 >> To: Michal Kamil Simon; [log in to unmask] >> Subject: Re: xrdfs :: request for x509 proxy??? >> On 2/28/20 1:11 PM, Michal Kamil Simon wrote: >> > Hi Adrian, >> Hi! >> > It's a feature not a bug ;-) >> :)) >> > Now more seriously, if you detach your script from the terminal, >> > it wont be prompted to give a password in order to create a >> > new proxy cert (it will rather simply fail). >> > >> > To summarize, we check if stdin/stdout are attach to a terminal: >> > https://github.com/xrootd/xrootd/blob/master/src/XrdSecgsi/XrdSecProtocolgsi.cc#L4793-L4796 >> > and only then we try to generate the proxy cert if it's absent, >> > otherwise the client simply fails to authenticate. >> ok, got it, but the main problem is that such a request is made! >> why would an xrdfs query request a proxy cert? >> I would like to deny any kind of proxy cert requests and throw an error >> because i would say that if the server request a proxy cert than from >> the perspective of ALICE usage, the server is mis-configured... so, i >> would like to find out why this is requested and how to eliminate the >> need of proxy cert. >> Thanks a lot!! >> Adrian >> > >> > Hope that helps. >> > >> > Cheers, >> > Michal >> > ________________________________________ >> > From: [log in to unmask] [[log in to unmask]] on behalf >> > of Adrian Sevcenco [[log in to unmask]] >> > Sent: 28 February 2020 10:54 >> > To: [log in to unmask] >> > Subject: xrdfs :: request for x509 proxy??? >> > >> > Hi! While doing an stat with xrdfs i encountered this : >> > >> > 200228 10:55:42 1030664 cryptossl_X509CreateProxy: Your identity: >> > /DC=RO/DC=RomanianGRID/O=ISS/CN=Adrian SEVCENCO >> > Enter PEM pass phrase: >> > >> > Why would the xrdfs ask to create proxy? >> > Also, this happened when doing cp operation within python .. >> > >> > While on the issue of required or not i cannot say anything, the fact >> > that i get a dialogue instead of a direct failure is a huge bug!!! >> > It breaks any script that do automatic tasks or a sequence of tasks >> > >> > Thanks! >> > Adrian >> > >> > >> > >> > ######################################################################## >> > Use REPLY-ALL to reply to list >> > >> > To unsubscribe from the XROOTD-L list, click the following link: >> > https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1 >> -- >> ---------------------------------------------- >> Adrian Sevcenco, Ph.D. | >> Institute of Space Science - ISS, Romania | >> adrian.sevcenco at {cern.ch,spacescience.ro} | >> ---------------------------------------------- > > > -- > ---------------------------------------------- > Adrian Sevcenco, Ph.D. | > Institute of Space Science - ISS, Romania | > adrian.sevcenco at {cern.ch <http://cern.ch/>,spacescience.ro <http://spacescience.ro/>} | > ---------------------------------------------- ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-L list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1