Cells may also call gPlazma methods as an alternative, or
as a fallback, to using the gPlazma cell.
If the gPlazma cell is not started, other cells can
still authorize by calling gPlazma methods directly
from a pluggable module. The gPlazma control files and
host certificates are needed on the node from which
authorization will take place. To invoke the gPlazma
modules, modify the following line in
gridftpdoorSetup or
srmSetup to
useGPlazmaAuthorizationModule=true
and make sure that the gplazmaPolicy line
defines a valid gPlazma policy file on the node for
which authorization is to occur:
gplazmaPolicy=${ourHomeDir}/etc/dcachesrm-gplazma.policy
No adjustable timeout is available, but any blocking would likely be due to a socket read in the saml-vo-mapping plugin, which is circumvented by a built-in 30-second timeout.
Both a call to the gPlazma cell and the direct call of
the gPlazma module may be specified. In that case,
authentication will first be tried via the gPlazma
cell, and if that does not succeed, authentication by direct
invocation of gPlazma methods will be tried. Modify the
following lines to:
useGPlazmaAuthorizationModule=true
useGPlazmaAuthorizationCell=true
Make sure that the gplazmaPolicy line
gplazmaPolicy=${ourHomeDir}/etc/dcachesrm-gplazma.policy
is set to a local policy file on the node. The gPlazma
policy file on the GridFTP door or SRM does not have to
specify the same plugins as the gPlazma cell.
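
The following check is an added example, not part of the dCache documentation or code: it reads gridftpdoorSetup or srmSetup and verifies that, when direct module invocation is enabled, gplazmaPolicy resolves to a readable file on the local node. It assumes the setup file holds plain key=value lines with '#' comments and that the value of ourHomeDir is passed as the second argument; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check the gPlazma settings of a door setup file.
# Assumption: plain key=value lines; the last assignment of a key wins.

# Print the last value assigned to key $2 in file $1 (empty if unset).
setup_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# check_gplazma_setup SETUP_FILE OUR_HOME_DIR
# Returns: 0 consistent, 1 setup file unreadable, 2 neither cell nor module
# enabled, 3 module enabled but gplazmaPolicy unset, 4 policy file not readable.
check_gplazma_setup() {
    setup=$1
    home_dir=$2
    [ -r "$setup" ] || { echo "cannot read $setup" >&2; return 1; }

    module=$(setup_value "$setup" useGPlazmaAuthorizationModule)
    cell=$(setup_value "$setup" useGPlazmaAuthorizationCell)

    if [ "$module" != true ] && [ "$cell" != true ]; then
        echo "$setup: neither gPlazma cell nor module is enabled" >&2
        return 2
    fi
    if [ "$module" != true ]; then
        # Cell only: no local policy file is needed, but there is no fallback.
        echo "$setup: gPlazma cell only, no direct-module fallback" >&2
        return 0
    fi

    policy=$(setup_value "$setup" gplazmaPolicy)
    [ -n "$policy" ] || { echo "$setup: gplazmaPolicy is not set" >&2; return 3; }

    # Expand the literal ${ourHomeDir} placeholder used in the setup file.
    policy=$(printf '%s\n' "$policy" | sed 's|[$]{ourHomeDir}|'"$home_dir"'|g')
    [ -r "$policy" ] || { echo "policy file not readable: $policy" >&2; return 4; }

    [ "$cell" = true ] && echo "$setup: cell first, module fallback via $policy" >&2
    return 0
}

# Usage: sh check.sh /path/to/srmSetup /path/to/dcache-home
if [ "$#" -eq 2 ]; then check_gplazma_setup "$1" "$2"; fi
```
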