National Center for Supercomputing Applications MyProxy Credential Management Service University of Illinois at Urbana-Champaign

[Valid HTML 4.01]
[Valid CSS]
[Valid Atom 1.0]

(OSI Certified)

MyProxy authentication and authorization using the JAAS framework is possible through MyProxyLoginModule, a Java module written using the JAAS API and the Globus JAVA Commodity Grid (CoG) Kit.

When placed in the JAAS authorization chain, MyProxyLoginModule will prompt for a user name/pass phrase pair and will attempt to retrieve a certificate from MyProxy using them. If the retrieval is successful, the certificate and its DN are added to the Subject object and a success value is returned. Otherwise, a failure value is returned.

The MyProxyLoginModule can be downloaded in JAR format, or you can acess the source via the MyProxy CVS repository using the 'jaas' module name. The full class name for the module is: edu.uiuc.ncsa.myproxy.jaas.MyProxyLoginModule

In order to use this module, you will need a current copy of the JAVA CoG Kit, avilable for download from http://wiki.cogkit.org/index.php/Table.

For full information on configuring JAAS login modules, see Sun's JAAS Reference Guide.

MyProxyLoginModule Configuration Parameters

Basic MyProxy Options

Parameter Description Default
host MyProxy server (required) none
port MyProxy server port 7512
lifetime Credential lifetime (in seconds) 43200

Advanced MyProxy Options

Parameter Description Default
credentialName MyProxy credential name to retrieve none
credentialPrompt If true, prompt the user for a MyProxy credential name (overriding any name set by the credname parameter) false
certificateFile File containing a Globus GSS Credential to use when authenticating to the MyProxy server none

JAAS Interaction Options

Parameter Description Default
useCallbacks If true, use callbacks to prompt for username, pass phrase, and credential name (if credentialPrompt is also true) true
useSharedState If true, use shared state information for username, pass phrase, and credential name. If any information is found in the shared state, it will not be prompted for (even if credentialPrompt is true). A pass phrase will only be used if a username is also found false
saveSharedState If true, save username, pass phrase and credential name to the shared state false
usernameStateKey Key used to index the username in the shared state javax.security.auth.login.name
credentialNameStateKey Key used to index the credential name in the shared state javax.security.auth.login.credential
passPhraseStateKey Key used to index the pass phrase in the shared state javax.security.auth.login.password

Last modified 08/11/06.
©2000-2016 Board of Trustees of the University of Illinois.