I think two types of authentications is reasonable as we have two types of authentication mechanisms (GSI and VOMS). I don't view these as authorization DBs as they simply populate fields in the XrdSecEntity and don't make authorization decisions. One interesting question is precedence: currently, GSI and VOMS fill in mutually-exclusive fields in the XrdSecEntity for making authorization decisions. If both could fill in the `user` field, which should "win"? GSI over VOMS seems reasonable to me (and what's been done in the past). It is possible (and not entirely irrational) to have a unified mapfile which has both VOMS FQAN and GSI DN's intermixed. That is more flexible than independent mechanisms but I can see the possibility for confusion. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/issues/1538#issuecomment-952485596 ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1