[gold-users] Authentication of users in Gold

Artem Harutyunyan Artem.Harutyunyan at cern.ch
Thu Aug 2 15:46:44 MDT 2007


I have several questions concerning Gold

- How Gold server authenticates the users? I have captured the gold packets
using sniffer, and noticed that the name of the user is sent the as the
value of 'actor' attribute. What I want to know, is how server figures out
whether the request is really sent let's say from 'amy', or it is 'bob'
trying to impersonate 'amy'.

- In the XML sent from client to server, there is an element called
'Signature', which has inside, 'SignatureValue' (according to SSSRMAP
protocol specification is the signature over the <Body> element). Is that
signature generated using the password kept in $GOLD_HOME/etc/auth_key ?

- SSSRMAP protocol supports six security token types, among them GSI(X.509)
and 'Asymmetric key'. Which of the supported authentication methods are
implemented in Gold ?

- When I tried to start Gold for the first time I've got an error about
missing 'sperl'. The error went away after installation of 'suidperl'. As
far as I know, use of this package is deprecated due to security issues. Why
does gold need that to run ? Is that possible to run Gold without having
'suidperl' ?

Thank you in advance for your help,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.supercluster.org/pipermail/gold-users/attachments/20070802/f8f4f51e/attachment.html

More information about the gold-users mailing list