MyProxy can be used in many ways. Here are some examples.
After obtaining a certificate from a Certificate Authority (CA), you can store a proxy credential based on that certificate in the MyProxy repository using the myproxy-init command. By default, myproxy-init stores a credential good for 7 days, but it can also be used to store longer-lived credentials. Then, whenever you need a credential, you can retrieve a short-lived proxy from the MyProxy repository with the myproxy-logon command. This makes it easy for you to access your credentials without needing to manually copy certificate and key files between systems, which is prone to error and can be a cause of security problems. For more information, see the Managing Credentials with MyProxy page.
Using the MyProxy CA makes the process even simpler. In this case, the MyProxy CA can create certificates on demand, without needing to store user credentials in the MyProxy repository. In other words, there's no need to first obtain a certificate from a separate CA or run myproxy-init. Simply run myproxy-logon to obtain a new short-lived certificate whenever needed. The myproxy-logon command first generates a new private key, then sends a certificate request to the MyProxy server, and the MyProxy server returns a corresponding signed certificate. For more information, see the MyProxy CA page.
A portal is a web site that provides an interface to multiple services, allowing users to (for example) submit compute jobs, transfer files, and query information services from a standard web browser. There are many ways MyProxy can be used with portals, but in each case the pattern is the same: you log in to the portal, and the portal contacts a MyProxy server to obtain credentials so it can access grid resources on your behalf. The portal must authenticate to the MyProxy server to prove it is authorized to obtain your credentials. One method is for you to enter your MyProxy username and password on the portal login page, which the portal uses to log in to MyProxy on your behalf. Another method is for you to log in to the portal via the Pubcookie web single sign-on system, which gives the portal a cookie it can use to authenticate to the MyProxy server to obtain your credentials. Finally, the portal could be fully trusted by the MyProxy server (via the myproxy-server.config trusted_retrievers policy), allowing the portal to verify your login locally, then authenticate with its own portal certificate to obtain your credentials from MyProxy. For more information, see MyProxy and Grid Portals and MyProxy Pubcookie Integration.

These are just a few of the ways that MyProxy can be used. To learn more about MyProxy, please continue browsing the online documentation.
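
Because a client matched by the trusted_retrievers policy can obtain user credentials with only its own certificate, it is worth checking that the policy names exact portal DNs. The following audit script is an added example, not part of the MyProxy distribution; the sample configuration and DNs are constructed, `default_trusted_retrievers` is the companion directive from myproxy-server.config, and the script assumes patterns are widened with `*`.

```python
import shlex

# Directives that let a client retrieve credentials using only its own certificate.
TRUST_DIRECTIVES = {"trusted_retrievers", "default_trusted_retrievers"}

# Constructed sample configuration; the DNs are made up for illustration.
SAMPLE_CONFIG = '''\
# myproxy-server.config (constructed sample)
accepted_credentials  "/C=US/O=Example Grid/*"
authorized_retrievers "/C=US/O=Example Grid/*"
trusted_retrievers    "/C=US/O=Example Grid/CN=portal.example.org"
trusted_retrievers    "/C=US/O=Example Grid/*"
default_trusted_retrievers "*"
'''


def parse_config(text):
    """Yield (line_number, directive, value) for every policy line."""
    for number, line in enumerate(text.splitlines(), start=1):
        # shlex strips the double quotes around DNs and drops '#' comments.
        tokens = shlex.split(line, comments=True)
        if len(tokens) >= 2:
            yield number, tokens[0], " ".join(tokens[1:])


def audit_trusted_retrievers(text):
    """Return (exact_dns, findings) for the trust directives.

    exact_dns: DNs trusted by exact name, to be reviewed against the
               list of portals that are meant to be fully trusted.
    findings:  (line_number, directive, pattern) for every entry whose
               pattern contains '*', i.e. trusts more than one DN.
    """
    exact_dns, findings = [], []
    for number, directive, value in parse_config(text):
        if directive not in TRUST_DIRECTIVES:
            continue
        if "*" in value:
            findings.append((number, directive, value))
        else:
            exact_dns.append(value)
    return exact_dns, findings


if __name__ == "__main__":
    exact_dns, findings = audit_trusted_retrievers(SAMPLE_CONFIG)
    for dn in exact_dns:
        print(f"trusted by exact DN: {dn}")
    for number, directive, pattern in findings:
        print(f"line {number}: {directive} uses wildcard pattern {pattern!r}")
```
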
Last modified 06/14/10.