logo
Free, unlimited AI code reviews that run on commit
git-lrc git-lrc GitHub Install Now We'd appreciate a star git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt

globus-gatekeeper - Authorize and execute a grid service on behalf of a user

Contents

Author

       Copyright © 1999-2016 University of Chicago

Grid Community Toolkit 6                           03/31/2018                               GLOBUS-GATEKEEPER(8)

Description

       The globus-gatekeeper program is a meta-server similar to inetd or*xinetd* that starts other services
       after authenticating a TCP connection using GSSAPI and mapping the client’s credential to a local
       account.

       The most common use for the globus-gatekeeper program is to start instances of the globus-job-manager(8)
       service. A single globus-gatekeeper deployment can handle multiple different service configurations by
       having entries in the /etc/grid-services/ directory.

       Typically, users interact with the globus-gatekeeper program via client applications such as
       globusrun(1), globus-job-submit(1), or tools such as CoG jglobus or Condor-G.

       The full set of command-line options to globus-gatekeeper consists of:

       -help
           Display a help message to standard error and exit

       -confPARAMETER_FILE
           Load configuration parameters from PARAMETER_FILE. The parameters in that file are treated as
           additional command-line options.

       -test
           Parse the configuration file and print out the POSIX user id of the globus-gatekeeper process,
           service home directory, service execution directory, and X.509 subject name and then exits.

       -d,-debug
           Run the globus-gatekeeper process in the foreground.

       -inetd
           Flag to indicate that the globus-gatekeeper process was started via inetd or a similar super-server.
           If this flag is set and the globus-gatekeeper was not started via inetd, a warning will be printed in
           the gatekeeper log.

       -f
           Flag to indicate that the globus-gatekeeper process should run in the foreground. This flag has no
           effect when the globus-gatekeeper is started via inetd.

       -pPORT,-portPORT
           Listen for connections on the TCP/IP port PORT. This option has no effect if the globus-gatekeeper is
           started via inetd or a similar service. If not specified and the gatekeeper is running as root, the
           default of 2119 is used. Otherwise, the gatekeeper defaults to an ephemeral port.

       -homePATH
           Sets the gatekeeper deployment directory to PATH. This is used to interpret relative paths for
           accounting files, libexecdir, certificate paths, and also to set the GLOBUS_LOCATION environment
           variable in the service environment. If not specified, the gatekeeper looks for service executables
           in /usr/sbin, configuration in /etc, and writes logs and accounting files to /var/log.

       -lLOGFILE,-logfileLOGFILE
           Write log entries to LOGFILE. If LOGFILE is equal to logoff or LOGOFF, then logging will be disabled,
           both to file and to syslog.

       -lfLOG_FACILITY
           Open syslog using the LOG_FACILITY. If not specified, LOG_DAEMON will be used as the default when
           using syslog.

       <option>-acctfileACCTFILE</option>
           Set the path to write accounting records to ACCTFILE. If not set, records will be written to the log
           file.

       -eLIBEXECDIR
           Look for service executables in LIBEXECDIR. If not specified, the sbin subdirectory of the parameter
           to -home is used, or /usr/sbin if that is not set.

       -launch_methodfork_and_exit|fork_and_wait|dont_fork
           Determine how to launch services. The method may be either fork_and_exit (the service runs completely
           independently of the gatekeeper, which exits after creating the new service process), fork_and_wait
           (the service is run in a separate process from the gatekeeper but the gatekeeper does not exit until
           the service terminates), or dont_fork, where the gatekeeper process becomes the service process via
           the exec() system call.

       -grid_servicesSERVICEDIR
           Look for service descriptions in SERVICEDIR.

       -globusidGLOBUSID
           Sets the GLOBUSID environment variable to GLOBUSID. This variable is used to construct the gatekeeper
           contact string if it can not be parsed from the service credential.

       -gridmapGRIDMAP
           Use the file at GRIDMAP to map GSSAPI names to POSIX user names.

       -x509_cert_dirTRUSTED_CERT_DIR
           Use the directory TRUSTED_CERT_DIR to locate trusted CA X.509 certificates. The gatekeeper sets the
           environment variable X509_CERT_DIR to this value.

       -x509_user_certCERT_PATH
           Read the service X.509 certificate from CERT_PATH. The gatekeeper sets the X509_USER_CERT environment
           variable to this value.

       -x509_user_keyKEY_PATH
           Read the private key for the service from KEY_PATH. The gatekeeper sets the X509_USER_KEY environment
           variable to this value.

       -x509_user_proxyPROXY_PATH
           Read the X.509 proxy certificate from PROXY_PATH. The gatekeeper sets the X509_USER_PROXY environment
           variable to this value.

       -k
           Use the <command>globus-k5</command> command to acquire Kerberos 5 credentials before starting the
           service.

       -globuskmapKMAP
           Use KMAP as the path to the Grid credential to kerberos initialization mapping file.

       -pidfilePIDFILE
           Write the process id of the globus-gatekeeper to the file named by PIDFILE.

Environment

       The following environment variables affect the execution of globus-gatekeeper:

       X509_CERT_DIR
           Directory containing X.509 trust anchors and signing policy files.

       X509_USER_PROXY
           Path to file containing an X.509 proxy.

       X509_USER_CERT
           Path to file containing an X.509 user certificate.

       X509_USER_KEY
           Path to file containing an X.509 user key.

       GLOBUS_LOCATION
           Default path to gatekeeper service files.

Files

       The following files affect the execution of globus-gatekeeper:

       /etc/grid-services/SERVICENAME
           Service configuration for SERVICENAME.

       /etc/grid-security/grid-mapfile
           Default file mapping Grid identities to POSIX identities.

       /etc/globuskmap
           Default file mapping Grid identities to Kerberos 5 principals.

       /etc/globus-nologin
           File to disable the globus-gatekeeper program.

       /var/log/globus-gatekeeper.log
           Default gatekeeper log.

Name

       globus-gatekeeper - Authorize and execute a grid service on behalf of a user

See Also

globus-k5(8), globusrun(1), globus-job-manager(8)

Synopsis

globus-gatekeeper [-help]

       globus-gatekeeper -conf PARAMETER_FILE [-test] [-d | -debug] [-inetd | -f] [-p PORT | -port PORT] [-l
       LOGFILE | -logfile LOGFILE] [-lf LOG_FACILITY] [-acctfile ACCTFILE] [-e LIBEXECDIR] [-launch_method {
       fork_and_exit | fork_and_wait | dont_fork }] [-grid_services SERVICEDIR] [-globusid GLOBUSID] [-gridmap
       GRIDMAP] [-x509_cert_dir TRUSTED_CERT_DIR] [-x509_cert_file TRUSTED_CERT_FILE] [-x509_user_cert
       CERT_PATH] [-x509_user_key KEY_PATH] [-x509_user_proxy PROXY_PATH] [-k] [-globuskmap KMAP] [-pidfile
       PIDFILE]

See Also

Man Pages
globus Man Pages
Man Pages
globus Man Pages
Man Pages
service Man Pages
User
User PNG Icons
Filing
Filing PNG Icons
Man Pages
X509_new, X509_new_ex, X509_free, X509_up_ref, X509_chain_up_ref, OSSL_STACK_OF_X509_free Man Pages
Man Pages
Path Man Pages
Man Pages
cert Man Pages
Grid
Grid PNG Icons
← View System admin Category← Back to System startup and services🙏  Credits & Acknowledgments