LISTSERV 16.5 - XROOTD-DEV Archives

  Branch: refs/heads/master
  Home:   https://github.com/xrootd/xrootd
  Commit: ec0754f28fc3cffa551f5cdc42ecdb959b3a0830
      https://github.com/xrootd/xrootd/commit/ec0754f28fc3cffa551f5cdc42ecdb959b3a0830
  Author: Brian Bockelman <[log in to unmask]>
  Date:   2022-03-10 (Thu, 10 Mar 2022)

  Changed paths:
    M src/XrdHttp/XrdHttpProtocol.cc
    M src/XrdHttp/XrdHttpProtocol.hh
    M src/XrdHttp/XrdHttpSecurity.cc

  Log Message:
  -----------
  Have the XrdHttp extraction logic match GSI.

The GSI security protocol defaults to the "trymap" logic which,
according to documentation, is "try to map the DN but if unsuccessful
use the hash of the client’s DN as the user identifier (username)".
With this change, the XrdHttpSecurity interface will follow the same
logic.

Since some sites may have special setups which rely on the old mechanism,
one can get the old behavior by setting the optional new `compatNameGeneration`
configuration in the `http.gridmap` setting.  For example:

```
http.gridmap compatNameGeneration /etc/xrootd/grid-mapfile
```

Would restore the old behavior.

With this change, a user can effectively match the `nomap`, `trymap`,
and `usemap` settings between the XRootD and HTTP protocols and the
two protocols have the same default.  Without the change, only the
`usemap` setting could be matched with HTTP.  Having the defaults the
same greatly decreases the "surprise" factor of using both protocols;
the prior HTTP default of guessing a name from the DN is undocumented.


  Commit: 379ca646320299dc49a0276b7178396ff8f33ce5
      https://github.com/xrootd/xrootd/commit/379ca646320299dc49a0276b7178396ff8f33ce5
  Author: Andrew Hanushevsky <[log in to unmask]>
  Date:   2022-03-10 (Thu, 10 Mar 2022)

  Changed paths:
    M src/XrdHttp/XrdHttpProtocol.cc
    M src/XrdHttp/XrdHttpProtocol.hh
    M src/XrdHttp/XrdHttpSecurity.cc

  Log Message:
  -----------
  Merge pull request #1640 from bbockelm/xrdhttp_eechash

Have the XrdHttp extraction logic match GSI.


Compare: https://github.com/xrootd/xrootd/compare/34d1a1e7e608...379ca6463202

########################################################################
Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1