Writing the documentation I realized that the way GSI certificates
were tested on the server side was non-optimal.

This patch fixes this; in particular it allows non-fully-privileged
servers to use GSI service certificate (ROOT-specific, ldap, ...) if
read permissions are set (before this was possible only for privileged
daemons).


git-svn-id: http://root.cern.ch/svn/root/trunk@11169 27541ba8-7e3a-0410-8455-c3a389f83636

Improvements:

  o Added support for creation of authentication tokens
    exclusive to parent daemon and its childs; by default
    tokens have inclusive nature, i.e. can be checked by another
    server on the same machine with having access to the key files
    (option -E to rootd/proofd)
  o Added support for non-standard file name for daemon access rules
    (option -D <rootdaemonrc> to rootd/proofd)
  o Added support for non-standard file name for authentication directives
    (PROOF only: option -A [<rootauthrc>] to proofd; see header of
     proofd/src/proofd.cxx)
  o Improved security in ssh authentications


Bug fixes:

  o Fix a few inconsistencies in treating error conditions
  o Fix bug with default init strings for ProxyDuration and ProxyKeyBits
  o Fix problem with checking for valid globus proxies
  o fixed message desynchronization problem in case of non valid offset
  o Modified error call in case of failure of Krb5 initialization:
    execution continues (call Err instead of ErrFatal)
  o Fix (again) problem with cygwingcc definition in rpdutils.cxx
  o Fix problem with fgUser not being correctly saved in case
    of successful authentication in TAuthenticate.cxx
  o Fix a problem with duplication in socket list (TPSocket)
  o Set fContext=0 after deletion TPwdCtx (in TSecContext::Deactivate).
  o Fix link problem with the globus patched function in rootd/Module.mk
    and proofd/Module.mk
  o Added function ProofdTerm (equivalent of RootdTerm) to terminate
    correctly in case of interrupting signal SIGTERM or SIGINT (proofd.cxx)
  o Fix several incorrect comments.


git-svn-id: http://root.cern.ch/svn/root/trunk@8420 27541ba8-7e3a-0410-8455-c3a389f83636

Patched files:

configure
 o improved detection of patch details for globus

README/README.GLOBUS
 o updated

etc/hostcert.conf
 o add example for non-root runs

globusauth/src/GlobusAuth.cxx
 o remove redundant 'access' calls

net/src/TAuthenticate.cxx
 o fix return value in method GetPromptUser

proofd/src/proofd.cxx
 o remove redundant 'access' calls

rpdutils/inc/rpdp.h
 o add new includes file depending on Globus GTK version
 o add prototype for new function GblsToolCheckProxy

rpdutils/src/globus.cxx
 o fix a few typos in debug messages
 o add new function GblsToolCheckProxy for checking user
   proxies when running as non-root
 o remove redundant 'access' calls

rpdutils/src/rpdutils.cxx
 o remove redundant 'access' calls


git-svn-id: http://root.cern.ch/svn/root/trunk@7456 27541ba8-7e3a-0410-8455-c3a389f83636

new authentication scheme supports, the following methods: user/passwd
(but save not clear passwd over wire), ssh, krb5, srp, globus and gui/uid
(like RFIO uses). Everything is documents here:
http://root.cern.ch/root/Auth.html.


git-svn-id: http://root.cern.ch/svn/root/trunk@7174 27541ba8-7e3a-0410-8455-c3a389f83636