globus-k5 - Acquire Kerberos Credentials for use with Grid Services
globus-k5 SERVICE-COMMAND SERVICE-ARGS
program is an authorization module used by the
globus-gatekeeper program to acquire Kerberos 5 Credentials prior to executing
a Grid Service. This may be accomplished by running kinit
password stored in the globuskmap file, using the NCSA krb525
or the sslk5
command to use the X509 user proxy.
The arguments passed to globus-k5
will not be used by it, but will be
passed onto the job manager. The first parameter must be the path to the Grid
It is expected that the environment will contain the variables GLOBUSID and USER
for the Grid and local POSIX user identities. This program is normally run as
root, and will call seteuid() prior to executing the Grid Service.
The parameters to use and the mapping for the globus to K5 user are located in
the globuskmap file.
The globuskmap file is a line-oriented file which each line containing a command
to run to acquire Kerberos 5 credentials for a Grid identity. Each line
consists of an optionally-quoted GLOBUSID
value followed by a
command-line for running a process to acquire a Kerberos credential. For
"/O=Example/OU=Grid/CN=Joe User" /usr/afsws/bin/klog -principal juser -password mypasswd -cell infn.it
The following variables affect the execution of globus-k5
Path to the globuskmap file.
POSIX username that the service will run
Path to a Kerberos credential cache.
Grid identity to generate Kerberos credentials
The following files affect the execution of globus-k5
Default file mapping Grid identities to
Kerberos 5 principals.
Copyright © 1999-2016 University of Chicago