Hi, I wonder if there is an intended way of forwarding X509_Proxies by the XRootD ProxyFileCache, when reading data, so that specific users can only access data they allowed to, based on their credentials. The workaround we have found is to deposit a robot certificate on the machine working as a ProxyFileCache, which is then used to authenticate against the data server. This however would allow users to access data through the proxy, which should in principle not have access to. It would be more reasonable, if there was a way which allows to forward the X509_proxy used to authenticate against the ProxyFileCache to the data server, so every user data access is authenticated by the user's certificate.

—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.

[ { "@context": "http://schema.org", "@type": "EmailMessage", "potentialAction": { "@type": "ViewAction", "target": "https://github.com/xrootd/xrootd/issues/1693", "url": "https://github.com/xrootd/xrootd/issues/1693", "name": "View Issue" }, "description": "View this Issue on GitHub", "publisher": { "@type": "Organization", "name": "GitHub", "url": "https://github.com" } } ]

Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1