Software Links
Getting Started
- Doc Structure
- A Globus Primer
- Globus Is Modular!
- Quickstart
- Installing GT
- Platform Notes
- GT Developer's Guide
- GT User's Guide (coming soon)
- Migrating from GT2
- Migrating from GT3
Reference
- Best Practices
- Coding Guidelines
- API docs
- Public Interfaces (coming soon)
- Resource Properties
- Samples
- Glossary
- Performance Studies (coming soon)
Manuals
Common Runtime
Security
- Non-WS (General) Security
- WS Java Security
- Message-level
- Authz Framework
- CAS
- Delegation Service
- MyProxy
- GSI-OpenSSH
- SimpleCA
- SGAS
Data Mgt
MDS4
Execution Mgt
Table of Contents
Features new in release 4.1.3
- This is the first Globus Toolkit release that includes MyProxy.
Other Supported Features
- Users can store and retrieve multiple X.509 proxy credentials using myproxy-init and myproxy-logon.
- Users can store and retrieve multiple X.509 end-entity credentials using myproxy-store and myproxy-retrieve.
- Administrators can load the repository with X.509 end-entity credentials on the users' behalf using myproxy-admin-load-credential.
- Administrators can use the myproxy-admin-adduser command to create user credentials and load them into the MyProxy repository.
- Users and administrators can set access control policies on the credentials in the repository.
- If allowed by policy, job managers (such as Condor-G) can renew credentials before they expire.
- The MyProxy server enforces local site passphrase policies using a configurable external call-out.
Deprecated Features
- None
Protocol changes since GT 4.0.5
- MyProxy was not included in GT 4.0.5.
API changes since GT 4.0.5
- MyProxy was not included in GT 3.2.
Exception changes since GT 4.0.5
- Not applicable
Schema changes since GT 4.0.5
- Not applicable
MyProxy depends on the following GT component:
- Pre-WS Authentication and Authorization
MyProxy depends on the following 3rd party software:
- None
You should choose a well-protected host to run the myproxy-server on. Consult with security-aware personnel at your site. You want a host that is secured to the level of a Kerberos KDC, that has limited user access, runs limited services, and is well monitored and maintained in terms of security patches.
For a typical myproxy-server installation, the host on which the myproxy-server is running must have /etc/grid-security created and a host certificate installed. In this case, the myproxy-server will run as root so it can access the host certificate and key.