 |
 |
Hi Bockjoo, It is the server that decides what authentication protocols the client can use to authenticate. From the logs you posted it seems that the server only allows GSI authentication. In order to use tokens it is recommended that the server enables ZTN authentication. Cheers, Michal > On 25 Feb 2022, at 17:55, Bockjoo Kim <[log in to unmask]> wrote: > > Hi, > > CMS built xrdcp as the CMS software external. > > When I run it, it does not look it recognizes the token passed and is looking for X509: > > -bash-4.2$ ( export BEARER_TOKEN=$BEARER_TOKEN ; unset X509_USER_PROXY ; xrdcp -d 1 -f root://cmsio2.rc.ufl.edu//store/user/bockjoo/sitedb.list?authz=Bearer%20$BEARER_TOKEN $(pwd)/sitedb.list ) > [2022-02-25 17:53:35.503759 +0100][Info ][AsyncSock ] [cmsio2.rc.ufl.edu:1094.0] TLS hand-shake done. > 220225 17:53:36 23215 cryptossl_X509CreateProxy: EEC certificate has expired > [2022-02-25 17:53:36.972629 +0100][Error ][XRootDTransport ] [cmsio2.rc.ufl.edu:1094.0] No protocols left to try > [2022-02-25 17:53:36.972675 +0100][Error ][AsyncSock ] [cmsio2.rc.ufl.edu:1094.0] Socket error while handshaking: [FATAL] Auth failed > > How can I check why this xrdcp version 5.4.0 built from the CMS software does not behave? > > Thanks, > > Bockjoo > > ######################################################################## > Use REPLY-ALL to reply to list > > To unsubscribe from the XROOTD-L list, click the following link: > https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1 ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-L list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-L&A=1