Client enforces this mode by setting XrdSecGISNOPROXY = 1.
Key file must be pass-less for this work.
NB: if the key-file is pass-less and XrdSecGISNOPROXY = 0 (default) authentication still works with the usual protocol, i.e. creating a proxy and using that for the handshake. Setting XrdSecGISNOPROXY = 1 avoids those additional steps.
You can view, comment on, or merge this pull request online at:
https://github.com/xrootd/xrootd/pull/1493
-- Commit Summary --
* Add support for reading the private key from a separate file
* Add support for pure cert/key authentication (no proxy)
-- File Changes --
M src/XrdCrypto/XrdCryptoFactory.hh (2)
M src/XrdCrypto/XrdCryptosslAux.cc (20)
M src/XrdCrypto/XrdCryptosslAux.hh (4)
M src/XrdSecgsi/XrdSecProtocolgsi.cc (73)
M src/XrdSecgsi/XrdSecProtocolgsi.hh (9)
M src/XrdSecgsi/XrdSecgsiProxy.cc (2)
M src/XrdSecgsi/XrdSecgsitest.cc (2)
-- Patch Links --
https://github.com/xrootd/xrootd/pull/1493.patch
https://github.com/xrootd/xrootd/pull/1493.diff
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/xrootd/xrootd/pull/1493
########################################################################
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1
