Hi Fabio,

The callout was written only for GCMU, and as far as I know the callout is not 
included in any GT release. However you can download it from 
http://www.mcs.anl.gov/~mlink/globus_gridmap_verify_myproxy_callout-0.1.tar.gz 
and give it a try:

gpt-build globus_gridmap_verify_myproxy_callout-0.1.tar.gz <flavor>

Set server envs:
GSI_AUTHZ_CONF=$GLOBUS_LOCATION/etc/gridmap_verify_myproxy_callout-gsi_authz.conf
GLOBUS_MYPROXY_CA_CERT=/path/to/ca/cert.0

That's it.  Clients with a cert signed by that CA will use the username from the DN 
(the last /CN=<username>), otherwise a normal gridmap lookup will be performed.


Cheers,
Lukasz


On 6/22/12 7:49 AM, Fábio Moreira wrote:
Hi,

I would like to know if the MyProxy callout from Globus Connect Multiple User 
(GCMU) was included in GT 5.2.0. Otherwise, how can I use it with this Globus 
version?

Thanks very much !

Fabio Souza

_____________________________________________________________________________________________________________________


Hi,


    Now we would like to do the opposite way, an external script (instead of
    grid-mapfile) to map the received certificate back to a system user on
    the GridFTP Server. You've mentioned that we can use a MyProxy callout
    in the next GT5 release. So we're using GT 5.2.0 and we'd like to know
    how to do it. Can we use something like 'certificate_mapapp'  on the
    GridFTP? Is there anything similar?


The MyProxy callout is used in Globus Connect Multiple User (GCMU), and it will 
basically authorize any user with a DN that matches those generated by the 
MyProxy CA, and has a CN equal to a UNIX login.

So for example, if your MyProxy generates DNs like this:

       O=My Organization, OU=My Department

And GridFTP gets a valid certificate with this DN:

       O=My Organization, OU=My Department, CN=fabio

Then the MyProxy callout will authorize that DN and will map it to the UNIX user 
"fabio".

However, I'm not sure if the callout was included in GT5.2 or whether it's 
currently only being included as part of GCMU. I suggest asking on the gt-user 
mailing list:

https://lists.globus.org/mailman/listinfo/gt-user

Cheers!
--
Borja Sotomayor

 Researcher, Computation Institute
 Lecturer, Department of Computer Science
 University of Chicago
http://people.cs.uchicago.edu/~borja/

 Community Manager, OpenNebula project
http://www.opennebula.org/
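
The mapping decision described in the two replies above, written out as an added illustration (this is not the callout's source code, which is not shown in this thread). Assumptions: DNs are in the slash-separated form, `signed_by_myproxy_ca` is a hypothetical flag standing for the result of validating the chain against the CA in GLOBUS_MYPROXY_CA_CERT, and the login-name pattern and the choice to deny a malformed CN rather than fall through to the gridmap are choices of this sketch.

```python
import re
import shlex

# Assumed shape of a UNIX login name; tighten to match local account policy.
LOGIN_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")

def last_cn(subject_dn):
    """Return the value after the final /CN=, or None if there is none."""
    head, sep, cn = subject_dn.rpartition("/CN=")
    return cn if sep and head else None

def parse_gridmap(text):
    """Parse grid-mapfile lines of the form: "<DN>" <user>[,<user>...]"""
    mapping = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)
        if len(parts) == 2:
            mapping[parts[0]] = parts[1].split(",")[0]
    return mapping

def map_identity(subject_dn, signed_by_myproxy_ca, gridmap, local_users):
    """Return the local account for an already-validated cert, or None to deny."""
    if signed_by_myproxy_ca:
        cn = last_cn(subject_dn)
        # The CN is trusted as a username only because this CA issued it, and
        # only if it is a well-formed login that exists on this host. The
        # pattern check also rejects trailing components such as /CN=12345
        # or a CN value that smuggles in further RDNs.
        if cn and LOGIN_RE.fullmatch(cn) and cn in local_users:
            return cn
        return None  # sketch's choice: deny instead of trying the gridmap
    # Any other issuer: the CN is never used, only an exact gridmap entry.
    return gridmap.get(subject_dn)

# Constructed sample data, not taken from a real deployment.
GRIDMAP = parse_gridmap('''
# constructed sample grid-mapfile
"/O=Other CA/OU=People/CN=Alice Example" alice
''')
LOCAL_USERS = {"fabio", "alice"}
MYPROXY_DN = "/O=My Organization/OU=My Department/CN=fabio"
```

Because every DN issued by the MyProxy CA is mapped without a gridmap entry, the CA has to issue a CN only after authenticating that same login.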


