Home -> Toolkit -> Docs -> 3.2 -> Gsi -> Developer

GSI: Developer's Guide

Overview
APIs
Infrastructure
Acquiring certificates
>Using proxy certificates
Related documents

Using proxy certificates

Proxies are certificates signed by the user, or by another proxy, that do not require a password to submit a job.  They are intended for short-term use, when the user is submitting many jobs and cannot be troubled to repeat his password for every job.  The subject of a proxy certificate is the same as the subject of the certificate that signed it, with /CN=proxy added to the name.  The gatekeeper will accept any job requests submitted by the user, as well as any proxies he has created. 

Proxies provide a convenient alternative to constantly entering passwords, but are also less secure than the user's normal security credential.  Therefore, they should always be user-readable only, and should be deleted after they are no longer needed (or after they expire.)

To create a proxy with the default expiration (12 hours), run the grid-proxy-init program.  For example:

% grid-proxy-init 

The grid-proxy-init program can also take arguments to specify the expiration and proxy key length.  For example:

% grid-proxy-init -hours 8 -bits 512 

To delete a proxy that was previously created with grid-proxy-init, run:

% grid-proxy-destroy