That's quite true but I assume the idea is that there is authorization
that is stacked behind the SciToken auth plug-in. We could set an envar
indicating that this is actually the case and then the code could set the
username if further user-based authorization exists and not so otherwise.
On Thu, 9 Dec 2021, Brian P Bockelman wrote:
> Hi Elvin,
>
> Isn't this related to the other ticket? Default user is only set when there's scope-based mapping... otherwise you end up with quite broad permissions if there's no storage authorizations.
>
> https://github.com/xrootd/xrootd/blob/master/src/XrdSciTokens/XrdSciTokensAccess.cc#L398-L401
>
> Brian
>
> --
> You are receiving this because you are subscribed to this thread.
> Reply to this email directly or view it on GitHub:
> https://github.com/xrootd/xrootd/issues/1567#issuecomment-989921379
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.
Triage notifications on the go with GitHub Mobile for iOS or Android.
[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/xrootd/xrootd/issues/1567#issuecomment-990082582",
"url": "https://github.com/xrootd/xrootd/issues/1567#issuecomment-990082582",
"name": "View Issue"
},
"description": "View this Issue on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1
