Kory Draughn
Chief Technologist
iRODS Consortium
Technology Update
June 29 - July 2, 2026
iRODS User Group Meeting 2026
Barcelona, Spain
Contributors
| iRODS Release | Release Date | Commits |
|---|---|---|
| 5.0.2 | 2025-10-01 | 37 |
| 4.3.5 | 2026-03-03 | 121 |
Markus Kitsinger
Martin Jaime Flores Jr.
Ramsey Jooss
Terrell Russell
Ton Smeele
Alan King
Derek Dong
Daniel Moore
Justin James
Kory Draughn
4.3.5 Release Summary
The final release of the server for the 4.3 series.
Focused effort on making the 4.3 server as stable as possible, for deployments which cannot upgrade to iRODS 5.
Plugins will continue to receive updates, but will be limited to security fixes and trivial enhancements.
5.0.2 Release Highlights
<plugin_name>-5.1.1-0.el10+5.0.2.x86_64.rpmirsync5.1.0 Release - Where is it?
It's on the way.
There are a few more things to work out before it's ready.
We appreciate your patience.
Backward Compatibility
Maintaining backward compatibility is important to the Consortium.
To help in satisfying this requirement, we will do the following:
These rules DO NOT apply to experimental APIs, libraries, or tools.
Main Server Process
Towards FIPS 140-X Compliance
To support FIPS-enabled environments, the iRODS server must not use operations which rely on MD5.
zone_key_signing_hash_scheme configuration propertymockarchive resource physical paths (SHA256)native authenticationNew Authentication Scheme
Implemented new built-in authentication scheme called irods.
Objectives
Plan
native authentication is removedNew Authentication Scheme - Usage and Password Management
Use password to get session token for authentication.
"irods_authentication_scheme" to "irods"~/.irods/.irods_secrets file holds returned session token
Set user passwords as normal.
ipasswd --no-scrambleiadmin moduser alice password apass no-scramble
Passwords and tokens can be cleared.
iadmin moduser alice remove_passwordiadmin remove_session_tokens expired alice
Script to clear legacy/native passwords packaged with 5.1.0.
New Authentication Scheme - Grid Configuration
Added new grid-wide configuration options to the authentication namespace.
password_hashing_parameters
"algorithm" (currently only supported by scrypt)"parameters" are specific to the chosen algorithm
password_storage_mode
"legacy" (default/native), "hashed" (irods), "both"
token_lifetime_in_seconds
Resource Rebalance
Pre-5.1.0 behavior
5.1.0 behavior
REBALANCE_NOT_COMPLETE (-1834000)Resource Rebalance (cont.)
$ iadmin modresc thingToRebalance rebalance
remote addresses: 172.19.0.3 ERROR: rcGeneralAdmin failed with error -1834000 REBALANCE_NOT_COMPLETE
$ iquest "SELECT COLL_NAME, DATA_NAME WHERE DATA_RESC_HIER LIKE 'thingToRebalance;%' and DATA_REPL_STATUS != '1'"
COLL_NAME = /tempZone/home/alice/dataHere
DATA_NAME = foo1
------------------------------------------------------------
COLL_NAME = /tempZone/home/alice/dataHere
DATA_NAME = foo3
------------------------------------------------------------
COLL_NAME = /tempZone/home/alice/dataHere
DATA_NAME = foo5
------------------------------------------------------------
$ iquest "SELECT COUNT(DATA_ID) WHERE DATA_RESC_HIER LIKE 'thingToRebalance;%' and DATA_REPL_STATUS != '1'"
DATA_ID = 6Updated documentation to include commands to locate data objects requiring intervention.
Random Scheme Vault Path Policy
Added new microservices which allow administrators to customize how physical paths are generated when using the random scheme vault path policy.
msi_set_random_scheme_style(style)
msi_set_random_scheme_suffix_length(length)
Notable Server Updates
setup_irods.py
istreamBuilding and Testing
--irods_package_version 5.0.1-0~noble
Policy Composition Rule Engine Plugin
Initial release (0.1.0) is available for iRODS 5.0.2.
Designed to simplify policy enforcement by allowing administrators to think in terms of configuration and composability rather than having to write code.
Visit link to access past presentations about Policy Composition.
Policy Composition Rule Engine Plugin - Overview
Policy Composition Rule Engine Plugin - Example Configuration
{
"instance_name": "irods_rule_engine_plugin-event_handler-data_object_modified-instance",
"plugin_name": "irods_rule_engine_plugin-event_handler-data_object_modified",
"plugin_specific_configuration": {
"policies_to_invoke": [
{
"active_policy_clauses": [
"post"
],
"events": [
"put",
"create",
"write",
"registration"
],
"policy_to_invoke": "irods_policy_data_replication",
"configuration": {
"destination_resource": "AnotherResc"
}
}
]
}
}Logical Quotas Rule Engine Plugin
Six releases since UGM 2025.
Storage Tiering Capability Plugin
Three releases since UGM 2025.
UnivMSS Resource Plugin
script
<service_account_home>/msiExecCmd_binescape_single_quotes
$ iadmin mkresc ... 'script=file.sh;escape_single_quotes=1'
Audit AMQP Rule Engine Plugin
Part two of the in-progress overhaul is almost complete.
Python iRODS Client
Two releases since UGM 2025.
groupadmin usersPython iRODS Client - Flag Preservation for Metadata Operations
import irods
sess = irods.helpers.make_session()
dobj = sess.data_objects.get('/tempZone/home/ugm_user/file.txt')
# Enable admin flag for metadata operations.
adm = dobj.metadata(admin=True)
if adm.items():
# Enable timestamp retrieval for metadata operations.
# This operation is cumulative, meaning the state of
# the admin flag is preserved.
adm_ts = adm(timestamps=True)
avu = adm_ts.items()[0]
# Without the bug fix, this operation would fail.
adm_ts.set(avu.name, avu.value + ".", avu.units)Python iRODS Client - ticket_iterator
import irods
from irods.ticket import *
from pprint import pp
session = irods.helpers.make_session()
pp([
vars(t)
for t in ticket_iterator(
session,
filter_args=[TicketQuery.Owner.name != '']
)
])Prints a list of tickets and their attributes, similar to iticket ls.
Python iRODS Client - Aborting Parallel Transfers
from irods.parallel import abort_parallel_transfers
try:
session.data_objects.put(...)
except KeyboardInterrupt:
abort_parallel_transfers()Globus Connector
Four releases since UGM 2025.
$fileReadForChecksumCalculationBufferSizeBytesalloca() functionstd::stringstream to fmtlibHTTP API
0.7.0 released on 2026-06-18.
irods4j
Four releases since UGM 2025.
TrustManagersCyberduck
Refactored to use irods4j instead of Jargon.
iDrop
iRODS Internship Presentations - Summer 2025
pam_interactive Authentication for the Python iRODS Client (PRC)
This talk introduces support for the pam_interactive authentication scheme in the Python iRODS Client (PRC). It ports the C++ plugin to enable a server-driven, conversational handshake, which is essential for complex PAM setups such as multi-factor authentication.
Updates to the iRODS Zone Management Tool and GenQuery2
The iRODS Zone Management Tool has been refactored to remove its dependence on Material UI for increased maintainability. GenQuery2 has been modified to allow for functions to be used in the GROUP-BY clause.
Refactoring Cyberduck: Migrating from Jargon to irods4j for its iRODS support
Cyberduck provides user-friendly access to remote storage systems, including iRODS. However, its reliance on the outdated Jargon library has limited performance and maintainability. This project upgrades Cyberduck’s iRODS backend by replacing Jargon with the modern and streamlined irods4j library, enabling cleaner code, better performance, and improved compatibility with current iRODS 5 systems.
USF Senior Team Project - Fall 2025
Provided mentorship to a team of four students from the University of San Francisco tasked with benchmarking and optimizing client-side data transfer performance through the use of compression.
tc) and real (AWS) network latency
Findings
This research will influence how compression is implemented in iRODS.
Future Work (after 5.1.0 release)
Thank you!
Upcoming talks from the Development Team