Authenticating to MyProxy from Pubcookie
Pubcookie uses authentication plugins called verifiers that can authenticate against external services such as LDAP and Kerberos. The most general of the verifiers, "fork", simply passes the username and password to an external process and bases its authentication decision on the exit value. An exit value of zero passes, and a non-zero exit value fails authentication.
Here are instructions for configuring a MyProxy verifier -- that
is, a simple script that calls out to
To configure Pubcookie, first replace the
basic_verifier: verify_fork verify_exe: /usr/local/pubcookie/myproxy_fork.pl
Be sure to change
MyProxy Verifier Script
Then, install this Perl script somewhere that Pubcookie can execute
it. In this example, it is installed at
Operation: The username and password are passed via STDIN as null-terminated strings. The script parses them and passes them to myproxy-logon.
$cmd .= " >/dev/null 2>&1";
$cmd .= " >/tmp/pubcookie_out 2>&1";
For example, here is what you would see with an invalid MyProxy passphrase:
ERROR from server: PAM authentication failed: Permission denied Failed to receive a proxy.
And here is a successful login:
A proxy has been received for user <username> in /tmp/x509up_u500