Terrell Russell

We will also note that in @alanking's setup... with `irods_ssl_verify_server ` set to `cert` everywhere... SSL worked *within* each particular zone, but not between the two zones.

We have demonstrated locally that 4.2.11 is behaving when configured correctly. We have not yet been able to reproduce the particular behavior you've seen @martingolas.

groups *are* users in the system/database... but... this still feels like a bug.

without looking - i think i would expect the admin endpoint to detect a mismatch and say 'no' to the requesting client. whether there should be an additional/different mechanism *in*...

Regarding when to update... If a server self designates a 'nodename/key/id' in its own `server_config.json` and optionally a 'preferred' or 'internal/external' marker, and then sends/shares all of those along with...

regarding retries in the face of non-resolvable old routing information - seems the easiest yes - please refresh and try once (or a configurable number of times) more.

New consideration... how to remove stale / old information from this table/mapping? A sweeper thread/process to remove entries that have not been confirmed alive within X seconds. Upon normal conditions,...

Does it make sense for a nodename/key/id to have more than one hostname? In the case of internal/external/shortname/longname ... I'd say yes - these should be treated as aliases. In...

The `r_resc_main` table will need to hold nodename/key/id rather than hostnames.

Pretty sure this is already supported. https://docs.irods.org/4.3.1/plugins/pluggable_authentication/#server-ssl-setup and... perhaps related... https://github.com/irods/irods_docs/issues/197