Well, technically it need not be required as SSS encrupts all of it's
transactions. However, I suspect that somewhere there is a check whether
or not the TLS is enabled when ztn creds show up and, if not, they are
discarded. Indeed, there are a lot of moving pieces here. The question is
whether or not requiring TLS on the origin via SSS is the proper way of
handling this.
Andy
On Thu, 22 Dec 2022, Bryan Hess wrote:
> BINGO-- forcing the origin to use TLS was the missing piece of the puzzle, and my configuration now works as expected. I get the ztn credentials on the origin and am able to map them to a local unix user successfully with multiuser.
>
> Thank you both for your help! This setup has lots of moving parts, and the guidance of where to look was super valuable. Have a good holiday!
>
> --
> Reply to this email directly or view it on GitHub:
> https://github.com/xrootd/xrootd/issues/1851#issuecomment-1362968857
> You are receiving this because you were mentioned.
>
> Message ID: ***@***.***>
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you commented.
Message ID: <xrootd/xrootd/issues/1851/1376543198@github.com>
[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/xrootd/xrootd/issues/1851#issuecomment-1376543198",
"url": "https://github.com/xrootd/xrootd/issues/1851#issuecomment-1376543198",
"name": "View Issue"
},
"description": "View this Issue on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1