Authorization for VO .

Members of virtual organizations need to be authorized to access the EOS using the voms-proxy-init command.   Below is the authorization procedure with a “kerberos ticket” and the possibility of authorization without a “kerberos ticket”. 

Authorization by certificate.

Works for virtual organizations bmn.nica.jinr, mpd.nica.jinr.

1. Without kerberos.
{{{
klist
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_xxxx
}}}
voms-proxy-init –rfc –voms mpd.nica.jinr
voms-proxy-info -all

export XrdSecPROTOCOL=gsi,unix
—next commfnd is needed temporarily
export XrdSecGSISRVNAMES=eos-m01.jinr.ru

xrdcp -f -d 1 <file_src> root://eos-m01.jinr.ru//eos/….

2. With Kerberos
{{{
klist
Ticket cache: FILE:/tmp/krb5cc_xxxx
Default principal: <username>@JINR.RU
Valid starting Expires Service principal
06/10/19 13:57:16 06/11/19 14:57:16 krbtgt/JINR.RU@JINR.RU
renew until 06/20/19 13:57:16
06/10/19 13:58:12 06/11/19 13:58:12 host/eos-m01.jinr.ru@JINR.RU
renew until 06/17/19 13:57:16
}}}
voms-proxy-init –rfc –voms mpd.nica.jinr
voms-proxy-info -all
— next command is needed temporarily
export XrdSecGSISRVNAMES=eos-m01.jinr.ru

xrdcp -f -d 1 <file_src> ‘root://eos-m01.jinr.ru//eos/…..?xrd.wantprot=gsi,unix’
или
XrdSecPROTOCOL=gsi,unix

xrdcp -f -d 1 <file_src> root://eos-m01.jinr.ru//eos/….
}}}