 |
 |
@abh3 commented on this pull request.
Two questions before this goes in. The first in a comment in the code about "optional". The second is why do you think that one cannot say "-tokenlib none" as a parameter to ztn. The ztn protocol is not responsible for loading the SciToken plugin for authorization purposes. This is done via the authlib directive. However, it needs that plugin it is in order to validate the token. If no validation is desired there is no reason to load that plugin as it will never be called. Right?
What we have now is an oddity that when you say you don't want validation ztn still requires that the plugin that validates the token be present even though it will never use it. I hope you see the inconsistency here.
In src/XrdSecztn/XrdSecProtocolztn.cc:
> @@ -738,6 +746,18 @@ char *XrdSecProtocolztnInit(const char mode,
return 0;
}
}
+ else if (!strcmp(val, "-validation"))
+ {if (!(val = cfg.GetToken()))
+ {Fatal(erp, "-validation argument missing", EINVAL);
+ return 0;
+ }
+ if (strcmp(val, "ignore")) validation = 0;
+ else if (strcmp(val, "optional")) validation = -1;
Since this has to be documented, the meaning of optional seems not to do anything worthwhile in the code. So, either I am missing something or optional seems irrelevant. Can you explain?
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you commented.
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1