Poster of Linux kernelThe best gift for a Linux geek
GLOBUS-GATEKEEPER

GLOBUS-GATEKEEPER

Section: University of Chicago (8) Updated: 12/01/2009 Local index Up
 

NAME

globus-gatekeeper - Authorize and execute a grid service on behalf of a user  

SYNOPSIS

globus-gatekeeper [-help]
[-conf PARAMETER_FILE]
[-test] [-d | -debug]
{-inetd | -f}
[-p PORT | -port PORT]
[-home PATH] [-l LOGFILE | -logfile LOGFILE]
[-acctfile ACCTFILE]
[-e LIBEXECDIR]
[-launch_method {fork_and_exit | fork_and_wait | dont_fork}]
[-grid_services SERVICEDIR]
[-globusid GLOBUSID]
[-gridmap GRIDMAP]
[-x509_cert_dir TRUSTED_CERT_DIR]
[-x509_cert_file TRUSTED_CERT_FILE]
[-x509_user_cert CERT_PATH]
[-x509_user_key KEY_PATH]
[-x509_user_proxy PROXY_PATH]
[-k]
[-globuskmap KMAP]
 

DESCRIPTION

The globus-gatekeeper program is a meta-server similar to inetd or xinetd that starts other services after authenticating the TCP connection using GSSAPI.

The most common use for the globus-gatekeeper program is to start instances of the globus-job-manager(8) service. A single globus-gatekeeper deployment can handle multiple different service configurations by having entries in the grid-services directory.

Typically, users interact with the globus-gatekeeper program via client applications such as globusrun(1), globus-job-submit, or tools such as CoG jglobus or Condor-G.

The full set of command-line options to globus-gatekeeper consists of:

-help

Display a help message to standard error and exit

-conf PARAMETER_FILE

Load configuration parameters from PARAMETER_FILE. The parameters in that file are treated as additional command-line options.

-test

Parse the configuration file and print out the POSIX user id of the globus-gatekeeper process, service home directory, service execution directory, and X.509 subject name and then exits.

-d, -debug

Run the globus-gatekeeper process in the foreground.

-inetd

Flag to indicate that the globus-gatekeeper process was started via inetd or a similar super-server. If this flag is set and the globus-gatekeeper was not started via inetd, a warning will be printed in the gatekeeper log.

-f

Flag to indicate that the globus-gatekeeper process should run in the foreground. This flag has no effect when the globus-gatekeeper is started via inetd.

-p PORT, -port PORT

Listen for connections on the TCP/IP port PORT. This option has no effect if the globus-gatekeeper is started via inetd or a similar service. If not specified and the gatekeeper is running as root, the default of 754 is used. Otherwise, the gatekeeper defaults to an ephemeral port.

-home PATH

Sets the gatekeeper deployment directory to PATH. This is used to interpret relative paths for accounting files, libexecdir, certificate paths, and also to set the GLOBUS_LOCATION environment variable in the service environment. If not specified, the gatekeeper uses its working directory.

-l LOGFILE, -logfile LOGFILE

Write status log entries to LOGFILE

-acctfile ACCTFILE

Set the path to write accounting records to ACCTFILE. If not set, no accounting records will be written.

-e LIBEXECDIR

Look for service executables in LIBEXECDIR. If not specified, the default of HOME/libexec is used.

-launch_method fork_and_exit|fork_and_wait|dont_fork

Determine how to launch services. The method may be either fork_and_exit (the service runs completely independently of the gatekeeper, which exits after creating the new service process), fork_and_wait (the service is run in a separate process from the gatekeeper but the gatekeeper does not exit until the service terminates), or dont_fork, where the gatekeeper process becomes the service process via the exec() system call.

-grid_services SERVICEDIR

Look for service descriptions in SERVICEDIR. If this is a relative path, it is interpreted relative to the HOME value. If this is not specified, the default of HOME/etc/grid-services is used.

-globusid GLOBUSID

Sets the GLOBUSID environment variable to GLOBUSID. This variable is used to construct the gatekeeper contact string if it can not be parsed from the service credential.

-gridmap GRIDMAP

Use the file at GRIDMAP to map GSSAPI names to POSIX user names. If not specified, the default of HOME/etc/grid-mapfile is used.

-x509_cert_dir TRUSTED_CERT_DIR

Use the directory TRUSTED_CERT_DIR to locate trusted CA X.509 certificates. The gatekeeper sets the environment variable X509_CERT_DIR to this value.

-x509_cert_file TRUSTED_CERT_FILE

OBSOLETE GSI OPTION

-x509_user_cert CERT_PATH

Read the service X.509 certificate from CERT_PATH. The gatekeeper sets the X509_USER_CERT environment variable to this value.

-x509_user_key KEY_PATH

Read the private key for the service from KEY_PATH. The gatekeeper sets the X509_USER_KEY environment variable to this value.

-x509_user_proxy PROXY_PATH

Read the X.509 proxy certificate from PROXY_PATH. The gatekeeper sets the X509_USER_PROXY environment variable to this value.

-k

Assume authentication with Kerberos 5 GSSAPI instead of X.509 GSSAPI.

-globuskmap KMAP

Assume authentication with Kerberos 5 GSSAPI instead of X.509 GSSAPI and use KMAP as the path to the kerberos principal to POSIX user mapping file.
 

ENVIRONMENT

If the following variables affect the execution of globus-gatekeeper

X509_CERT_DIR

Directory containing X.509 trust anchors and signing policy files.

X509_USER_PROXY

Path to file containing an X.509 proxy.

X509_USER_CERT

Path to file containing an X.509 user certificate.

X509_USER_KEY

Path to file containing an X.509 user key.
 

FILES

$GLOBUS_LOCATION/etc/globus-gatekeeper.conf

Default path to gatekeeper configuration file.

$GLOBUS_LOCATION/etc/grid-services/SERVICENAME

Service configuration for SERVICENAME.
 

SEE ALSO

globusrun(1), globus-job-manager(8)

 

Index

NAME
SYNOPSIS
DESCRIPTION
ENVIRONMENT
FILES
SEE ALSO
This document was created by man2html, using the manual pages.
Time: 22:01:42 GMT, April 16, 2011