Hi @asevcenc ,

Did you manage to get this going?
We’re basically in the same spot, we have a working setup with gsi authentication, as soon as we enable the alice token stanzas, authentication seems to break completely.

@esindril: maybe to clarify, there are multiple .pem files at play, the alicetoken package brings the privkey/pubkey this one in referenced in the TkAuthz.Authorization file.
[root@mgm-1 etc]# rpm -ql xrootd-alicetokenacc
/etc/grid-security/xrootd/TkAuthz.Authorization
/etc/grid-security/xrootd/privkey.pem
/etc/grid-security/xrootd/pubkey.pem
[…]

For gsi authentication we have our host certificates (that work correctly for gsi auth without alice tokens enabled).
What we noticed is that authentication is breaking as soon as we enable " mgmofs.authorize 1" stanza.
We’d be grateful for any advice. From what I’ve found in the forum this setup should be possible (A single EOS instance for all LHC VOs?)

Best,
Erich