[transfer-api] Can I use cert-based authentication with MyProxy?
potekhin at bnl.gov
Wed Feb 1 13:11:27 CST 2012
What's the logic behind having to encrypt the client proxy?
Can we do without it?
On 2/1/2012 2:05 PM, Bryce Allen wrote:
> It might be possible using a small C program to create the
> certificate, and then the openssl command to sign. The problem is that
> the openssl command only supports creating certificates using CSRs,
> which are not sent by the Transfer API server and require the private
> key to work. Since the channel is already authenticated, we currently
> just send the public key. Another option would be to modify the API to
> send a CSR (possibly alongside the public key so it's backward
> compatible), but server side changes take a lot more time to get
> I'll take a quick look at how hard it would be to write the required C
> On Wed, 01 Feb 2012 13:53:14 -0500
> Maxim Potekhin <potekhin at bnl.gov> wrote:
>> I don't have a working M2 on any of my nodes, and my attempts to
>> build it failed, in one case due to an old swig and then because of
>> non-standard location of openssl headers. The installer does not seem
>> to be flexible enough to correct this quickly and w/o root access
>> (which I don't have).
>> Do you think you can provide an openssl recipe? That would allow us to
>> move forward, because otherwise I don't see how we can code up our