Print

Print

Dear,
I nee help to deploy http plugin for xrootd servers. The xrootd version we are runnin right now is xrootd-server-5.1.1-1.
For sec.protocol we are using xrootd-voms-pluging and works fine.

But with the http/macaroons pluging we have some troubles, that is the config file:
if exec xrootd
xrd.protocol http:1094 /usr/lib64/libXrdHttp.so
http.secxtractor libXrdHttpVOMS.so

There is a couple of things you need to straight out: xrootd-voms-pluging and libXrdHttpVoms.so are old packages working with xrootd 4. Since you are using xrotod 5.1.1, you should use
http.secxxtractor libXrdVoms.so
Similarly, in xroot protocol, you should also use libXrdVoms.so.

In addition, you should not use the following deprecated things
http.cert /etc/grid-security/xrd/xrdcert.pem
http.key /etc/grid-security/xrd/xrdkey.pem

You should config TLS instead:

TLS

xrd.tls /etc/grid-security/xrd/xrdcert.pem /etc/grid-security/xrd/xrdkey.pem
xrd.tlsca certdir /etc/grid-security/certificates
xrootd.tls capable all

Ref: https://xrootd.slac.stanford.edu/doc/dev51/xrd_config.htm

I will reply to your auth_file issue next


You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or unsubscribe.

[ { "@context": "http://schema.org", "@type": "EmailMessage", "potentialAction": { "@type": "ViewAction", "target": "https://github.com/xrootd/xrootd/issues/1460#issuecomment-851939753", "url": "https://github.com/xrootd/xrootd/issues/1460#issuecomment-851939753", "name": "View Issue" }, "description": "View this Issue on GitHub", "publisher": { "@type": "Organization", "name": "GitHub", "url": "https://github.com" } } ]

Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1