Proxy file handling in gLExec

From PDP/Grid Wiki
Revision as of 14:48, 7 February 2010 by Okoeroo@nikhef.nl (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

gLExec uses four environment variables for various reasons. This section is intended to explain what they do in a pragmatic way so that you should be able to work with them.

The environment variables of interest are:

  • GLEXEC_CLIENT_CERT
  • GLEXEC_SOURCE_PROXY
  • GLEXEC_TARGET_PROXY
  • X509_USER_PROXY

GLEXEC_CLIENT_CERT

gLExec needs a (proxy) certificate as input to know who to authorize and to which account you must be mapped. The mapping and authorization decision will be based primarily on this file.

The GLEXEC_CLIENT_CERT

  • Contains a file path from the root to the file. Note: "/dir/subdir/../subdir2/proxy" is allowed.
  • Must contain a public and private key pair in this one file.
  • Must be readable by the user account calling gLExec
  • Variable must be accessible by gLExec to read.
    • Typically that means to export it into the current shell.
  • Must be set before calling gLExec.


If y 

glexec[10301]: LCAS authorization request
glexec[10301]: lcas.mod-lcas_run_va(): Cannot find certificate chain in pem string(failure)
glexec[10301]: lcas.mod-lcas_run_va(): failed
Retrieved from "https://wiki.nikhef.nl/grid/index.php?title=Proxy_file_handling_in_gLExec&oldid=4044"