Thanks in advance,
Dejan
230207 15:11:41 12921 XrootdBridge: unknown.2:27@localhost login as nobody
230207 15:11:41 12921 scitokens_Access: Trying token-based access control
230207 15:11:41 12921 scitokens_Access: Token not found in recent cache; parsing.
230207 15:11:41 12921 scitokens_Access: New valid token mapped_username=xrootd, subject=2deba9d1-9558-4963-95bc-75e993e3c82e, issuer=https://iam-escape.cloud.cnaf.infn.it/, groups=/escape,/escape/ska
230207 15:11:41 12921 scitokens_Access: Trying token-based access control
230207 15:11:41 12921 scitokens_Access: Cached token mapped_username=xrootd, subject=2deba9d1-9558-4963-95bc-75e993e3c82e, issuer=https://iam-escape.cloud.cnaf.infn.it/, groups=/escape,/escape/ska
230207 15:11:41 12921 ofs_open: unknown.2:27@localhost Unable to create /data/testfile-token-2.repo; permission denied
230207 15:11:41 12921 XrootdXeq: unknown.2:27@localhost disc 0:00:00 (send failure)
[centos@xrootd ~]$
[centos@xrootd ~]$ sudo cat /etc/xrootd/xrootd-http.cfg
# The export directive indicates which paths are to be exported. While the
all.export /data
# The adminpath and pidpath variables indicate where the pid and various
all.adminpath /var/spool/xrootd
all.pidpath /run/xrootd
# Load the http protocol, indicate that it should be served on port 80.
xrd.protocol XrdHttp:80 libXrdHttp.so
# Config TLS
xrd.tls /etc/grid-security/xrd/xrdcert.pem /etc/grid-security/xrd/xrdkey.pem
xrd.tlsca certdir /etc/grid-security/certificates refresh 8h
xrootd.tls capable all -data
# Dejan tokens part ######################################################
ofs.authorize
ofs.authlib libXrdAccSciTokens.so config=/etc/xrootd/scitokens.cfg
acc.authdb /etc/xrootd/Authfile
# Pass the bearer token to the Xrootd authorization framework.
http.header2cgi Authorization authz
# Only for debugging (comment out after setup is done)
scitokens.trace all
ofs.trace -all
continue /etc/xrootd/config.d/
[centos@xrootd ~]$
[centos@xrootd ~]$ sudo cat /etc/xrootd/scitokens.cfg
[Issuer ESCAPE IAM]
issuer = https://iam-escape.cloud.cnaf.infn.it/
base_path = /data
map_subject = false
default_user = xrootd
[centos@xrootd ~]$
[centos@xrootd ~]$ sudo cat /etc/xrootd/Authfile
= xrootd o: https://iam-escape.cloud.cnaf.infn.it/ g: /escape/ska
# Grant 'xrootd' access to all directories below '/data/'
u xrootd /data a
[centos@xrootd ~]$