Adding support for pure cert/key authentication.
Client controls this mode via XrdSecGSICREATEPROXY:
- If XrdSecGSICREATEPROXY=1 (default), a proxy is auto-generated from the cert/key pair if one is not found.
- If XrdSecGSICREATEPROXY=0, a proxy is used if present. Otherwise, the cert/key pair is used if present (no proxy).
This is mostly meant, on the server side, for pass-less authentication, possible when the key file is pass-less.
NB1: if the key-file is pass-less and XrdSecGSICREATEPROXY = 1 (default) authentication still works with the usual protocol, i.e. creating a proxy and using that for the handshake. Setting XrdSecGSICREATEPROXY = 0 avoids those additional steps.
NB2: Forward / backward compatibility is obtained by enabling the cert/pair mechanism only for versions supporting it
You can view, comment on, or merge this pull request online at:
https://github.com/xrootd/xrootd/pull/1561
Commit Summary
- be975a7 Add support for reading the private key from a separate file
- 3ab3390 Add support for pure cert/key authentication (no proxy)
- 5bccf63 Reverse logic, 'no proxy' to 'create proxy' (see comments to PR#1493)
- d770081 Increase version and add version check
File Changes
(7 files)
Patch Links:
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.
Triage notifications on the go with GitHub Mobile for iOS or Android.
[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/xrootd/xrootd/pull/1561",
"url": "https://github.com/xrootd/xrootd/pull/1561",
"name": "View Pull Request"
},
"description": "View this Pull Request on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1