File: globus-k5.txt

package info (click to toggle)
globus-gatekeeper 11.0-1
  • links: PTS, VCS
  • area: main
  • in suites: buster
  • size: 1,560 kB
  • sloc: sh: 11,518; ansic: 2,528; makefile: 131
file content (76 lines) | stat: -rw-r--r-- 2,391 bytes parent folder | download | duplicates (2)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
GLOBUS-K5(8)
============
:doctype:      manpage
:man source:   Grid Community Toolkit
:man version:  6
:man manual:   Grid Community Toolkit Manual
:man software: Grid Community Toolkit

NAME
--
globus-k5 - Acquire Kerberos Credentials for use with Grid Services

SYNOPSIS
-------
*globus-k5* 'SERVICE-COMMAND' 'SERVICE-ARGS'...

DESCRIPTION
----------
The *globus-k5* program is an authorization module used by the
globus-gatekeeper program to acquire Kerberos 5 Credentials prior to executing
a Grid Service. This may be accomplished by running *kinit* with a password
stored in the +globuskmap+ file, using the NCSA *krb525* command, or the
*sslk5* command to use the X509 user proxy.

The arguments passed to *globus-k5* will not be used by it, but will be passed
onto the job manager. The first parameter must be the path to the Grid Service.

It is expected that the environment will contain the variables +GLOBUSID+ and
+USER+ for the Grid and local POSIX user identities.  This program is normally
run as root, and will call seteuid() prior to executing the Grid Service. 

The parameters to use and the mapping for the globus to K5 user are located in
the globuskmap file. 

=== Format of the +globuskmap+ file ===
The globuskmap file is a line-oriented file which each line containing a
command to run to acquire Kerberos 5 credentials for a Grid identity.  Each
line consists of an optionally-quoted 'GLOBUSID' value followed by a
command-line for running a process to acquire a Kerberos credential. For
example:

==============================================================================
    "/O=Example/OU=Grid/CN=Joe User" /usr/afsws/bin/klog -principal juser -password mypasswd -cell infn.it
==============================================================================

ENVIRONMENT
-----------
The following variables affect the execution of *globus-k5*:

*GLOBUSKMAP*::
    Path to the globuskmap file.


*USER*::
    POSIX username that the service will run as.

*KRB5CCNAME*::
    Path to a Kerberos credential cache.

*GLOBUS_ID*::
    Grid identity to generate Kerberos credentials for.

FILES
-----
The following files affect the execution of *globus-k5*:

*/etc/globuskmap*::
    Default file mapping Grid identities to Kerberos 5 principals.

SEE ALSO
--------
*globus-k5*(8), *globus-job-manager*(8)

AUTHOR
-----
Copyright (C) 1999-2016 University of Chicago