Commit fb422dce authored by Christoph Anton Mitterer

use host cert/key from standard locations


Every time the host certificates are renewed, there’s a chance to forget about
the copies of these for xrootd, which are per default in
“/etc/grid-security/xrd”.
Instead, the host certificate and key shall be read from the “standard”
locations.

• Set options to read the host certificate and key from
  “/etc/grid-security/hostcert.pem” and
  “/etc/grid-security/hostkey.pem”, respectively.

For this to work, the files must be readable by the user that runs the daemon,
which can, for example, be accomplished via ACLs using a command like:
setfacl -m u:xcache:r /etc/grid-security/hostkey.pem

Signed-off-by: Christoph Anton Mitterer <mail@christoph.anton.mitterer.name>
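As an added check that is not part of this commit, the following Python parses `getfacl` output for the key file and reports whether the private key is readable by the daemon user only, which is what the `setfacl -m u:xcache:r` step in the message intends. The user name xcache is taken from the commit message; the ACL text is a constructed sample, not a real host's.

```python
# Added example, not part of the commit: check that a host key shared with a daemon via a
# POSIX ACL (as in `setfacl -m u:xcache:r`) is readable by that one user and nobody else.
# Input is `getfacl` output; SAMPLE_ACL is a constructed sample, not a real host's ACL.

SAMPLE_ACL = """\
# file: etc/grid-security/hostkey.pem
# owner: root
# group: root
user::rw-
user:xcache:r--
group::---
mask::r--
other::---
"""

def parse_getfacl(text):
    """Map (tag, qualifier) -> 'rwx' string for each non-comment line of getfacl output."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            tag, qualifier, perms = line.split(":")
            entries[(tag, qualifier)] = perms
    return entries

def masked(perms, mask):
    # Effective rights of entries the ACL mask applies to (named users, all groups).
    return "".join(p if p == m else "-" for p, m in zip(perms, mask))

def key_sharing_problems(acl_text, daemon_user):
    """List what is wrong with the key's ACL; empty means only daemon_user can read it."""
    entries = parse_getfacl(acl_text)
    mask = entries.get(("mask", ""), "rwx")  # no mask line: nothing is restricted
    problems = []
    if "r" in masked(entries.get(("group", ""), "---"), mask):
        problems.append("owning group can read the key")
    if "r" in entries.get(("other", ""), "---"):
        problems.append("key is world-readable")
    for (tag, qualifier), perms in entries.items():
        if not qualifier:  # user::, group::, mask::, other:: are base entries
            continue
        rights = masked(perms, mask)
        if (tag, qualifier) != ("user", daemon_user):
            problems.append(f"unexpected ACL entry {tag}:{qualifier}")
        elif rights != "r--":
            problems.append(f"{daemon_user} has {rights!r}, expected read-only")
    if ("user", daemon_user) not in entries:
        problems.append(f"no ACL entry grants {daemon_user} read access")
    return problems
```

Run it against `getfacl /etc/grid-security/hostkey.pem` output after each certificate renewal, since an ACL lives on the file's inode and does not survive a renewal that replaces the file.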
parent 55d347e7
......@@ -47,7 +47,8 @@ else
# Uncomment the following and bind mount to /etc/xrootd/xcache.cfg to request GSI security from client
xrootd.seclib /usr/lib64/libXrdSec.so
sec.protparm gsi -vomsfun:/usr/lib64/libXrdSecgsiVOMS.so -vomsfunparms:certfmt=raw|vos=atlas|grps=/atlas
sec.protocol /usr/lib64 gsi -ca:1 -crl:3
# Note: The certificate/key files must be readable by the xrootd daemon (ACLs might be used for this).
sec.protocol /usr/lib64 gsi -ca:1 -crl:3 -cert:/etc/grid-security/hostcert.pem -key:/etc/grid-security/hostkey.pem
acc.authdb /etc/xrootd/auth_db
acc.authrefresh 60
ofs.authorize
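Review bot: the comment added above the new sec.protocol line ("The certificate/key files must be readable by the xrootd daemon (ACLs might be used for this)") should also say that the ACL has to be reapplied after every certificate renewal: a setfacl entry as given in the commit message is attached to the file's inode, so a renewal that writes a fresh hostkey.pem and renames it into place silently drops the daemon's read access, which is the same renewal-time pitfall this commit sets out to remove. Suggest wording along the lines of "must be readable by the xrootd daemon; if an ACL is used, re-apply it whenever the key is renewed", and noting that since the daemon now reads the host's actual private key instead of a copy, only the daemon user should be granted read access.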