[kepler-dev] GlobusProxy actor
guan at sdsc.edu
Tue Feb 28 11:43:37 PST 2006
Unfortunately Kepler authentication framework retrieves the proxy through
the web portal with user name and password. I don't think it is safe to
talk with a MyProxy on the remote site and get the proxy. I guess in that
case, you may also need an account on the server MyProxy residents to run
One possible way to work around this is to build up a MyProxy server on
your machine. Currently GEON project has a GAMA server (and Myproxy store,
I assume). If you don't want to setup your own Myproxy, you may want to
talk with GEON's administrator to add your certificate in. I would like to
help you build an actor (or a small workflow) to talk with the Myproxy,
and retrieve proxy from it.
Of course you can always use grid-proxy-init to get proxy on your machine.
I would also like to help you build a small workflow to run those commands
and get the proxy into your workflow.
Let me know what you prefer.
On Tue, 28 Feb 2006, Norbert Podhorszki wrote:
> Thanks Kurt,
> It seems it is enough for my needs: to store the certificate somewhere, and
> get a proxy from there using Kepler actors.
> Is this true, that with your Kepler actor you retrieve the proxy from the
> MyProxy part of GAMA directly? Or through the portal's user account?
> Thanks for the explanation.
> On Tue, 28 Feb 2006, Kurt Mueller wrote:
>> GAMA has no automated method of putting a foreign certificate into its
>> Myproxy store. You could put it there yourself by running myproxy-init
>> from the command-line, and you would then be able to retrieve it using
>> myproxy-get-delegation from the command-line, just like with any Myproxy
>> server. You could also retrieve it using GAMA's web service interface from
>> a portal or from an application such as Kepler.
>> What you will NOT get is the creation of a portal user in GridSphere on
>> the GAMA portal side and configuration of this user to automatically
>> retrieve a proxy upon login to the portal. This will only happen if the
>> user is created from the portal to begin with, and the user's credentials
>> are created by the GAMA CA and put into the GAMA Myproxy as part of the
>> initial user account creation. There is no way to take a foreign
>> certificate, put it in GAMA's Myproxy, and associate it with an exisiting
>> GridSphere portal user. If you are not using the GridSphere portal side of
>> GAMA then this may not be a concern for you.
>> - Kurt
More information about the Kepler-dev