paulmillar
commented
2 years ago Unfortunately not (if you're referring to dropping it in the 6.2 branch).
The problem is that this patch was back-ported to 6.2, rather than being there from the start.
Just as an example: it's legitimate for a site to upgrade the door and head node to v6.2.31 or newer without updating their pool nodes. Enabling gplazma.scitoken.dcache-supports-exempt-principal with "old" (pre-6.2.31) pool nodes would break that site's support for SciTokens or WLCG (AuthZ-WG JWT) tokens: the pools would just wouldn't work any more (for those clients).
This is even a problem with 7.2. We support sites running v7.2 doors and head-nodes with old pool nodes, going as far back as 6.2. Those pool nodes could even be running a early (pre-6.2.31) version of dCache, which doesn't support for this principal.
With the forthcoming 8.0, we can probably drop this option. Technically 7.2.0 doesn't support the new principal (support was added with 7.2.1), so we should only drop it once 9.0 is released. However, I don't think anyone will be running 7.2.0 pools with 8.0 doors and head nodes.
calestyo
Hey.
Just wondered whether
gplazma.scitoken.dcache-supports-exempt-principalintroduced with 84e995f98ecfed11153293f4f33d89cf267531c2 is obsolete by now.AFAIU it, all versions starting with 6.2 have support for that and are recent enough - but any other versions are no longer supported.
Cheers, Chris.