MyProxy and Grid Portals
MyProxy provides a solution for delegating credentials to Grid portals to allow the portal to authenticate to Grid services on the user's behalf. A Grid portal is a web server that provides an interface to Grid services, allowing users to submit compute jobs, transfer files, and query Grid information services from a standard web browser.
The following software is available for integrating MyProxy with Grid portals and other web applications:
Each specific Grid portal toolkit should provide its own documentation and support for working with MyProxy. However, this page includes some general information about using MyProxy with Grid portals.
Using MyProxy with a Grid Portal
To use MyProxy with a Grid portal, you first store a Grid credential on a MyProxy server that the portal can use. Some portals are configured to use specific MyProxy servers only and do not allow you to specify additional MyProxy servers, so it is important to check first that the portal can use your chosen MyProxy server. To store a Grid credential on the MyProxy server, run the myproxy-init command on a computer where your Grid credentials are located. For example:
$ myproxy-init -a -s myproxy.ncsa.uiuc.edu Your identity: /C=US/O=National Computational Science Alliance/CN=Jim Basney Enter GRID pass phrase for this identity: Creating proxy ........................................... Done Your proxy is valid until Fri Sep 13 13:52:56 2002 Enter MyProxy Pass Phrase: Verifying password - Enter MyProxy Pass Phrase: A proxy valid for 168 hours (7.0 days) for user jbasney now exists on myproxy.ncsa.uiuc.edu.
The myproxy-init command prompts first for the pass phrase of your Grid credentials and then prompts twice for a new pass phrase to use to secure the credentials on the MyProxy server. By default, the credential is stored under your Unix username (jbasney in the example above) for 7 days. Refer to the myproxy-init documentation for the details of all the myproxy-init options.
Once you've stored a credential on the MyProxy server, you can "login" to the Grid portal with your MyProxy username and pass phrase. If the Grid portal supports multiple MyProxy servers, you will also need to indicate which MyProxy server you're using on the portal login page. Once you login, you should be able to use the Grid portal interface to access Grid services. The Grid portal's documentation should have more details about the specifics of using MyProxy with that portal.
Configuring a Grid Portal to Use MyProxy
The Grid portal takes the MyProxy username and pass phrase entered by the user and uses them to authenticate to the MyProxy server to retrieve a credential. The portal can use the myproxy-get-delegation command to retrieve the credential or can use a MyProxy API provided by a portal toolkit or CoG kit (see examples above).
A very simple html file and cgi script for using MyProxy with a Grid portal is available here. The html file presents a form for requesting a proxy. After filling out the form, the CGI script, myproxy-get-delegation.cgi, runs myproxy-get-delegation with the user supplied input and returns the output of the command. The CGI script myproxy-get-delegation.cgi is intended to demonstrate the use of myproxy-get-delegation and can be modified to suit a particular portal's requirements. If a proxy is succesfully retrieved from myproxy-server, it will store the proxy in the top-level directory under <username>.cred.