In the documentation, I read that we can use the GRIDProxy resources setting to eventually authenticate using kerberos to access EOS. This is nicely described in the documentation here - https://recast-docs.web.cern.ch/recast-docs/workflowauthoring/steps/#authentication. What is not clear to me is who this actually authenticates as.

Specifically, in the script of the configuration, when the line /recast_auth/getkrb.sh is run, which user will be authenticated against? Should I be able to xrdcp files from my personal EOS space, or only public EOS spaces? Or perhaps it is some service account? This is not clear in the documentation I can find.

Specifically, in the script of the configuration, when the line /recast_auth/getkrb.sh is run, which user will be authenticated against?

The user that gets Kerberos authentication is the user in the RECAST_USER variable from

eval "$(recast auth setup -a ${RECAST_USER} -a ${RECAST_PASS} -a ${RECAST_TOKEN} -a default)"

As a side note, GRIDProxy is a historical term and while it still works and will be supported for backwards compatibility reasons using

resources:
- Krb5Auth

is recommended