Shunde Zhang wrote:
Hi Jens,
Sorry for the late response since I've been away for days.
No worries - I know this only too well.
Thanks for your reply and it is very helpful.
Oh, good.
Can I ask if your SRB is a 'normal' one or it is installed with GSI support or with a gridftp interface?
Er, both. (Apologies for going off topic for GLUE-WG) It uses a normal .MdasAuth file for authentication, but also has a gridftp server - which of course uses GSI. The S commands use ENCRYPT1.
At this stage I just started looking at how to publish SRB to our MDS. but I cannot find fields to put SRB's zone, resource and SRB uses username/password so how I can use ACL to show who can use what resource.
Right, in my case the gridftp server is connected to a single SRB resource which in turn is more or less dedicated to a single VO (it's actually a test account for a customer but we use it more for interoperability testing). I am told this is the limitation of the gridftp server: if you're writing, you can access only one resource. However, it fits well with GLUE because you publish an SA with a suitable SAPath for a single VO. At this stage we haven't tried relying on the ACBR for resolving the SRB but it should be possible.
If possible, could you also give me a sample of GLUE xml with SRB information? thanks a lot.
Do an ldapsearch on ldap://pps-bdii.cern.ch:2170 looking for the SE with hostname kisumu.esc.rl.ac.uk. This one works even with lcg-cr! It's there now (just checked) but Derek (our Tier 1 BDII admin among other things) has been talking about moving it over to production so he can test it with CASTOR. If you can't find it, try looking in the toplevel BDII for production. Regards, --jens