table of contents
other versions
- wheezy 9.11-1
- wheezy-backports 10.7-1~bpo70+1
- jessie 10.7-1
- testing 10.12-1
- unstable 10.12-1
| GLOBUS-GATEKEEPER(8) | Globus Toolkit | GLOBUS-GATEKEEPER(8) |
NAME¶
globus-gatekeeper - Authorize and execute a grid service on behalf of a userSYNOPSIS¶
globus-gatekeeper
[-help]
[-conf PARAMETER_FILE]
[-test] [-d | -debug]
{-inetd | -f}
[-p PORT | -port PORT]
[-home PATH] [-l LOGFILE |
-logfile LOGFILE] [-lf LOG_FACILITY]
[-acctfile ACCTFILE]
[-e LIBEXECDIR]
[-launch_method {fork_and_exit | fork_and_wait | dont_fork}]
[-grid_services SERVICEDIR]
[-globusid GLOBUSID]
[-gridmap GRIDMAP]
[-x509_cert_dir TRUSTED_CERT_DIR]
[-x509_cert_file TRUSTED_CERT_FILE]
[-x509_user_cert CERT_PATH]
[-x509_user_key KEY_PATH]
[-x509_user_proxy PROXY_PATH]
[-k]
[-globuskmap KMAP]
[-pidfile PIDFILE]
DESCRIPTION¶
The globus-gatekeeper program is a meta-server similar to inetd or xinetd that starts other services after authenticating a TCP connection using GSSAPI and mapping the client´s credential to a local account. The most common use for the globus-gatekeeper program is to start instances of the globus-job-manager(8) service. A single globus-gatekeeper deployment can handle multiple different service configurations by having entries in the /etc/grid-services directory. Typically, users interact with the globus-gatekeeper program via client applications such as globusrun(1), globus-job-submit, or tools such as CoG jglobus or Condor-G. The full set of command-line options to globus-gatekeeper consists of: -helpDisplay a help message to standard error and
exit
-conf PARAMETER_FILE
Load configuration parameters from
PARAMETER_FILE. The parameters in that file are treated as additional
command-line options.
-test
Parse the configuration file and print out the
POSIX user id of the globus-gatekeeper process, service home directory,
service execution directory, and X.509 subject name and then exits.
-d, -debug
Run the globus-gatekeeper process in
the foreground.
-inetd
Flag to indicate that the
globus-gatekeeper process was started via inetd or a similar
super-server. If this flag is set and the globus-gatekeeper was not
started via inetd, a warning will be printed in the gatekeeper log.
-f
Flag to indicate that the
globus-gatekeeper process should run in the foreground. This flag has
no effect when the globus-gatekeeper is started via inetd.
-p PORT, -port PORT
Listen for connections on the TCP/IP port
PORT. This option has no effect if the globus-gatekeeper is
started via inetd or a similar service. If not specified and the gatekeeper is
running as root, the default of 2119 is used. Otherwise, the gatekeeper
defaults to an ephemeral port.
-home PATH
Sets the gatekeeper deployment directory to
PATH. This is used to interpret relative paths for accounting files,
libexecdir, certificate paths, and also to set the GLOBUS_LOCATION
environment variable in the service environment. If not specified, the
gatekeeper looks for service executables in /usr/sbin, configuration in /etc,
and writes logs and accounting files to /var/log.
-l LOGFILE, -logfile LOGFILE
Write log entries to LOGFILE. If
LOGFILE is equal to logoff or LOGOFF, then logging will be disabled,
both to file and to syslog.
-lf LOG_FACILITY
Open syslog using the LOG_FACILITY. If
not specified, LOG_DAEMON will be used as the default when using syslog.
-acctfile ACCTFILE
Set the path to write accounting records to
ACCTFILE. If not set, records will be written to the log file.
-e LIBEXECDIR
Look for service executables in
LIBEXECDIR. If not specified, the sbin subdirectory of the parameter to
-home is used, or /usr/sbin if that is not set.
-launch_method fork_and_exit|fork_and_wait|dont_fork
Determine how to launch services. The method
may be either fork_and_exit (the service runs completely independently of the
gatekeeper, which exits after creating the new service process), fork_and_wait
(the service is run in a separate process from the gatekeeper but the
gatekeeper does not exit until the service terminates), or dont_fork, where
the gatekeeper process becomes the service process via the exec()
system call.
-grid_services SERVICEDIR
Look for service descriptions in
SERVICEDIR.
-globusid GLOBUSID
Sets the GLOBUSID environment variable
to GLOBUSID. This variable is used to construct the gatekeeper contact
string if it can not be parsed from the service credential.
-gridmap GRIDMAP
Use the file at GRIDMAP to map GSSAPI
names to POSIX user names.
-x509_cert_dir TRUSTED_CERT_DIR
Use the directory TRUSTED_CERT_DIR to
locate trusted CA X.509 certificates. The gatekeeper sets the environment
variable X509_CERT_DIR to this value.
-x509_user_cert CERT_PATH
Read the service X.509 certificate from
CERT_PATH. The gatekeeper sets the X509_USER_CERT environment
variable to this value.
-x509_user_key KEY_PATH
Read the private key for the service from
KEY_PATH. The gatekeeper sets the X509_USER_KEY environment
variable to this value.
-x509_user_proxy PROXY_PATH
Read the X.509 proxy certificate from
PROXY_PATH. The gatekeeper sets the X509_USER_PROXY environment
variable to this value.
-k
Use the globus-k5 command to acquire
Kerberos 5 credentials before starting the service.
-globuskmap KMAP
Use KMAP as the path to the Grid
credential to kerberos initialization mapping file.
-pidfile PIDFILE
Write the process id of the
globus-gatekeeper to the file named by PIDFILE.
ENVIRONMENT¶
If the following variables affect the execution of globus-gatekeeper: X509_CERT_DIRDirectory containing X.509 trust anchors and
signing policy files.
X509_USER_PROXY
Path to file containing an X.509 proxy.
X509_USER_CERT
Path to file containing an X.509 user
certificate.
X509_USER_KEY
Path to file containing an X.509 user
key.
GLOBUS_LOCATION
Default path to gatekeeper service
files.
FILES¶
/etc/grid-services/ SERVICENAMEService configuration for
SERVICENAME.
/etc/grid-security/grid-mapfile
Default file mapping Grid identities to POSIX
identities.
/etc/globuskmap
Default file mapping Grid identities to
Kerberos 5 principals.
/etc/globus-nologin
File to disable the globus-gatekeeper
program.
/var/log/globus-gatekeeper.log
Default gatekeeper log.
SEE ALSO¶
| 01/06/2012 | University of Chicago |