Hi,
We are publishing data locally via a Stratum 0.
Everything is ok and working well.
But is there any mechanism at the server level to authenticate external clients/users (we do not administer)?
Maybe based on Active Directory groups ?
Thank you.
Hi, and welcome to the CernVM forum!
In general, cvmfs is public by construction, so there is no (easy) authentication of clients. If you are only looking to restrict access to the local site, it is easiest to use a firewall to fence off access to the stratum 0 from the Internet.
(The full answer is a bit more complicated: There are some advanced authorization schemes possible using HTTPS, dedicated servers and proxies and cvmfs plugins. Setting up that infrastructure is non-trivial though and even then there are limitations and typically only data but not the meta-data is protected.)
Thank you very much for your answer. 
That’s what I thought but needed confirmation for our user.
Best regards.