I think two types of authentications is reasonable as we have two types of authentication mechanisms (GSI and VOMS). I don't view these as authorization DBs as they simply populate fields in the XrdSecEntity and don't make authorization decisions.
One interesting question is precedence: currently, GSI and VOMS fill in mutually-exclusive fields in the XrdSecEntity for making authorization decisions. If both could fill in the user
field, which should "win"? GSI over VOMS seems reasonable to me (and what's been done in the past).
It is possible (and not entirely irrational) to have a unified mapfile which has both VOMS FQAN and GSI DN's intermixed. That is more flexible than independent mechanisms but I can see the possibility for confusion.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.
Triage notifications on the go with GitHub Mobile for iOS or Android.
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1