Difference between revisions of "LCAS and LCMAPS installation for gLExec and (GT4) gatekeepers"

From PDP/Grid Wiki
Jump to navigationJump to search
Line 74: Line 74:
 
Add a user 'glexec' with the group 'glexec' to the system. This account is used to read glexec.conf with lower-privileges.
 
Add a user 'glexec' with the group 'glexec' to the system. This account is used to read glexec.conf with lower-privileges.
 
  Also members of the glexec group may execute glexec. All other users need to be whitelisted in the glexec.conf file.
 
  Also members of the glexec group may execute glexec. All other users need to be whitelisted in the glexec.conf file.
 +
 +
 +
=== The glexec.conf file ===
 +
 +
GLExec will read the glexec.conf file to determine how it should call and execute LCAS and LCMAPS. It also determines the run-time mode of glexec and which (set of) users are authorized to execute gLExec.

Revision as of 14:51, 28 November 2007

-- This page is under developement and will be updated to add more fine grained information -- It will contain information on the installation and configuration details to install glexec, edg-gatekeeper, edg-gridftpd, gt4 gatekeeper and gt4 gridftpd.



Needed packages

This is the list of packages that is needed to get started


External / other packages

vdt-globus-essentials
glite-security-voms-api-c-1.7.11
gridsite-1.1.15-1.i386.rpm


LCAS

glite-security-lcas-1.3.7-1
glite-security-lcas-interface-1.3.6-1
glite-security-lcas-plugins-basic-1.3.2-2
glite-security-lcas-plugins-voms-1.3.3-1
glite-security-lcas-plugins-check-executable-1.2.0-1

LCMAPS

glite-security-lcmaps-1.4.2-1
glite-security-lcmaps-plugins-basic-1.3.7-1
glite-security-lcmaps-plugins-voms-1.3.7-1
glite-security-lcmaps-plugins-verify-proxy-1.2.8-1

For glexec

glite-security-glexec-0.5.23-3


For edg-gatekeepers and edg-gridftpd

edg-gatekeeper package
edg-gridftpd package


For Globus Toolkit 4.0.x Gatekeeper and/or gridftpd

This package implements the GT4.0.x mapping_and_authz interface, which is used to invoke LCAS and LCMAPS.

lcas-lcmaps-gt4-interface-0.0.13-1



Installation

gLExec installation notes

Set library paths correctly for the libs

After having successfully installed all the packages. You'll need to perform a check with

ldconfig

to see if all the packages can find all that is needed on the system.

Potentially you'lle need to add directories to the /etc/ld.so.conf or LD_LIBRARY_PATH. In this sense I can think of /opt/globus/lib and /opt/glite/lib(64).


The setup of gLExec

Create the compile-time set logdirectory:

mkdir /var/log/glexec/

If wished to gain the identity separation by mapping real user job to the target identity, then you should set the sticky bit of glexec on root:

chmod 4755 /opt/glite/sbin/glexec

Add a user 'glexec' with the group 'glexec' to the system. This account is used to read glexec.conf with lower-privileges.

Also members of the glexec group may execute glexec. All other users need to be whitelisted in the glexec.conf file.


The glexec.conf file

GLExec will read the glexec.conf file to determine how it should call and execute LCAS and LCMAPS. It also determines the run-time mode of glexec and which (set of) users are authorized to execute gLExec.