[kepler-dev] GlobusProxy actor

Zhijie Guan guan at sdsc.edu
Tue Feb 28 11:43:37 PST 2006

Hi, Norbert,

Unfortunately Kepler authentication framework retrieves the proxy through 
the web portal with user name and password. I don't think it is safe to 
talk with a MyProxy on the remote site and get the proxy. I guess in that 
case, you may also need an account on the server MyProxy residents to run 
those commands.

One possible way to work around this is to build up a MyProxy server on 
your machine. Currently GEON project has a GAMA server (and Myproxy store, 
I assume). If you don't want to setup your own Myproxy, you may want to 
talk with GEON's administrator to add your certificate in. I would like to 
help you build an actor (or a small workflow) to talk with the Myproxy, 
and retrieve proxy from it.

Of course you can always use grid-proxy-init to get proxy on your machine. 
I would also like to help you build a small workflow to run those commands 
and get the proxy into your workflow.

Let me know what you prefer.


On Tue, 28 Feb 2006, Norbert Podhorszki wrote:

> Thanks Kurt,
> It seems it is enough for my needs: to store the certificate somewhere, and 
> get a proxy from there using Kepler actors.
> Zhijie,
> Is this true, that with your Kepler actor you retrieve the proxy from the 
> MyProxy part of GAMA directly? Or through the portal's user account?
> Thanks for the explanation.
> Norbert
> On Tue, 28 Feb 2006, Kurt Mueller wrote:
>> Hi,
>> GAMA has no automated method of putting a foreign certificate into its 
>> Myproxy store. You could put it there yourself by running myproxy-init 
>> from the command-line, and you would then be able to retrieve it using 
>> myproxy-get-delegation from the command-line, just like with any Myproxy 
>> server. You could also retrieve it using GAMA's web service interface from 
>> a portal or from an application such as Kepler.
>> What you will NOT get is the creation of a portal user in GridSphere on 
>> the GAMA portal side and configuration of this user to automatically 
>> retrieve a proxy upon login to the portal. This will only happen if the 
>> user is created from the portal to begin with, and the user's credentials 
>> are created by the GAMA CA and put into the GAMA Myproxy as part of the 
>> initial user account creation. There is no way to take a foreign 
>> certificate, put it in GAMA's Myproxy, and associate it with an exisiting 
>> GridSphere portal user. If you are not using the GridSphere portal side of 
>> GAMA then this may not be a concern for you.
>> - Kurt

More information about the Kepler-dev mailing list