
Hi Albert,

The xroot proxy server is similar to many other such servers. However, we 
decided some time ago to make it a powerful addition even if you don't 
need to bridge a firewall. To that extent it is an implementation of a 
data server but uses other data servers as the source/target of all 
requests. This provides a lot of features but does restrict you somewhat 
in the client credentials area. Here we usually need to use the server's 
credentials on the back end while we fully authenticate and authorize 
client credentials on the front end. We do have a mode using sss 
authentication to proxy any client credential but the proxied credential 
cannot be delegated after that point. In practice, this satisfies just 
about all the use cases we've seen. Again, the reference is your 
friend....

https://xrootd.slac.stanford.edu/doc/dev53/pss_config.htm

Andy


On Mon, 11 Apr 2022, Albert Rossi via RT wrote:

> Hi Andy (et al.),
>
> A quick question.
>
> What are the options offered by xrootd for deployment or configuration when all data servers are behind a firewall which blocks all direct access by clients on an external network?
>
> Section 4.2 of the configuration documentation <https://xrootd.slac.stanford.edu/doc/dev55/xrd_config.htm#_Toc88513970> seems to suggest a proxy server would be necessary in this case. Is that correct?
>
> If so, what exactly does this proxy server do, and how is it set up?
>
> Thanks,
>
> Al
>
> ________________________________________________
> Albert L. Rossi
> Senior Software Developer
> Scientific Computing Division, Scientific Data Services, Distributed Data Development
> FCC 229A
> Mail Station 369 (FCC 2W)
> Fermi National Accelerator Laboratory
> Batavia, IL 60510
> (630) 840-3023
>
> ########################################################################
> Use REPLY-ALL to reply to list
>
> To unsubscribe from the XROOTD-DEV list, click the following link:
> https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1
>
