
Authentication between CTA Servers

The CTA Frontend requires both Kerberos and SSS authentication. See the figure below.

Kerberos is used to authenticate user archive/retrieve commands and admin commands.

SSS is used to authenticate communication between the Frontend and CTA/EOS MGM. There will be one EOS instance per user (ATLAS, CMS, etc.), each of which can send archive and retrieve requests to the CTA Frontend. Each EOS instance should have its own Simple Shared Secret (SSS) key. The EOS instance name is used as the user name for the SSS key.
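One way to audit the one-key-per-instance rule described above, as an added example that is not part of the CTA project's code. It assumes keytab entries in the space-separated `u:`/`g:`/`n:`/`k:` token layout written by XRootD's `xrdsssadmin`; the instance names, group, key names and key values are constructed.

```python
from collections import defaultdict

# Constructed keytab: names and key values are made up for this example.
SAMPLE_KEYTAB = """\
0 u:atlas g:eos n:atlas_key N:1 c:1700000000 e:0 f:0 k:a1a1a1a1a1a1a1a1
0 u:cms g:eos n:cms_key N:2 c:1700000000 e:0 f:0 k:a1a1a1a1a1a1a1a1
0 u:daemon g:eos n:old_key N:3 c:1600000000 e:0 f:0 k:c3c3c3c3c3c3c3c3
"""

def parse_keytab(text):
    """Return one {prefix: value} dict per entry (u=user, g=group, k=key, ...)."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0].startswith("#"):
            continue  # skip blank lines and comments
        fields = dict(t.split(":", 1) for t in tokens[1:] if ":" in t)
        if "u" in fields and "k" in fields:
            entries.append(fields)
    return entries

def audit(entries, instances):
    """Compare key user names with the expected EOS instance names.

    Reports instances without a key, key users that are not instances,
    and key material shared by more than one user. Key values are never
    included in the findings.
    """
    findings = []
    users = {e["u"] for e in entries}
    for name in sorted(set(instances) - users):
        findings.append(f"missing: no key for EOS instance {name}")
    for name in sorted(users - set(instances)):
        findings.append(f"unexpected: key user {name} is not an EOS instance")
    by_key = defaultdict(set)
    for e in entries:
        by_key[e["k"]].add(e["u"])
    for owners in by_key.values():
        if len(owners) > 1:
            findings.append("shared: same key used by " + ", ".join(sorted(owners)))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_keytab(SAMPLE_KEYTAB), ["atlas", "cms", "lhcb"]):
        print(finding)
```
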

Figure: Authentication Mechanisms in CTA