Rachana,
Thanks, for the reply. Actually, I found a simpler solution for the
problem I described. I used the MyProxy JAAS MyProxyLoginModule located
at http://grid.ncsa.illinois.edu/myproxy/jaas/. grid-proxy-init is
called just before the LONI Pipeline server is started. Then when a
client connects to the server it uses the MyProxyLoginModule. Of
course, using MyProxyLoginModule requires proper setup of MyProxy
server. Unfortunately setting up MyProxy using the quickstart guide
initially did not work for me, but I managed to work around the problems
by examining previous posts and the man pages for the commands listed.
Everything appears to be working for the moment.
Don
Rachana Ananthakrishnan wrote:
Hi,
Here is the source code for the PDP itself:
http://viewcvs.globus.org/viewcvs.cgi/authorization/java/base/source/src/org/globus/wsrf/impl/security/authorization/UsernameAuthzPDP.java?annotate=1.1&pathrev=HEAD
http://viewcvs.globus.org/viewcvs.cgi/authorization/java/base/source/src/org/globus/wsrf/impl/security/authorization/UsernameTokenCallbackHandler.java?view=log&pathrev=HEAD
Test code that shows how a PDP can be used with LoginModule:
http://fisheye.globus.org/browse/globus_cvs/authorization/java/base/test/source/src/org/globus/wsrf/impl/security/authorization/TestUsernameAuthzPDP.java?r=1.3
http://fisheye.globus.org/browse/globus_cvs/authorization/java/base/test/source/src/org/globus/wsrf/impl/security/authorization/UsernameLoginModule.java?r=1.1
Configuration information and description of module is here:
http://www.globus.org/toolkit/docs/latest-stable/security/wsaajava/pdp/wsaajava-pdp-userNameAuthz.html
I haven't read the LONI pipeline server guide, but you might have to
write a PDP that LoginContext as needed and adds things to the JAAS
Subject.
Hope this helps,
Rachana
On Jul 21, 2009, at 7:55 PM, Don Bigler wrote:
Hi,
After many hours of pouring over online documentation, I finally
successfully setup Globus 4.2.1 on a Linux cluster based on torque.
The final goal is to be able to run the LONI Pipeline
(http://pipeline.loni.ucla.edu/) on the cluster using the Java DRMAA
interface implemented in Gridway. At this point the Java DRMAA
interface within Gridway appears to be functioning properly and all I
need to do is setup the LONI Pipeline to work with Gridway. This is
where I'm stuck. Specifically...
1. As outlined in the LONI Pipeline server guide, authentication
within the LONI Pipeline is performed using the Java Authentication
and Authorization Service (JAAS), which requires a LoginContext and
LoginModule.
2. A google search for globus and JAAS reveals the wsaaJavaPDP.pdf
file which discusses the Globus JAAS authorization class implemented
in org.globus.wsrf.impl.security.authorization.UsernameAuthzPDP. The
pdf describes how to create custom LoginContext and LoginModule
classes using examples in the unit tests within the source. I was
unable to find the documented examples within the 4.2.1 source
files. Furthermore, it is unclear exactly what globus files need to
be modified to get this working.
3. The way I envision this setup working is that the LONI Pipeline
connects to the Globus WS container using JAAS, which provides
authorization for running Globus within Gridway and DRMAA without
specifically calling grid-proxy-init, but it is very unclear how I
might go about implementing this.
Any assistance provided on this scenario will be greatly
appreciated. Thanks in advance!
Don
--
Don Bigler, Ph.D.
The Pennsylvania State University
NMR Building
H066 Radiology
Hershey Medical Center
Hershey, PA 17033 Phone: (717)531-5858
Fax: (717)531-8486
Hershey Confidentiality Statement:
This message (including any attachments) contains information
intended for a specific individual(s) and purpose that may be
privileged, confidential or otherwise protected from disclosure
pursuant to applicable law. Any inappropriate use, distribution or
copying of the message is strictly prohibited and may subject you to
criminal or civil penalty. If you have received this transmission in
error, please reply to the sender indicating this error and delete
the transmission from your system immediately.
--
Don Bigler, Ph.D.
The Pennsylvania State University
NMR Building
H066 Radiology
Hershey Medical Center
Hershey, PA 17033
Phone: (717)531-5858
Fax: (717)531-8486
Hershey Confidentiality Statement:
This message (including any attachments) contains information intended for a
specific individual(s) and purpose that may be privileged, confidential or
otherwise protected from disclosure pursuant to applicable law. Any
inappropriate use, distribution or copying of the message is strictly
prohibited and may subject you to criminal or civil penalty. If you have
received this transmission in error, please reply to the sender indicating this
error and delete the transmission from your system immediately.
