National Center for Supercomputing Applications MyProxy Credential Management Service University of Illinois at Urbana-Champaign

[Valid HTML 4.01]
[Valid CSS]
[Valid Atom 1.0]

(OSI Certified)

NCSA runs a production MyProxy server for TeraGrid at myproxy.teragrid.org. The current software version running on myproxy.teragrid.org is v5.7 May 2012. We believe this server is compatible with the following clients:

  • NCSA MyProxy v0.2alpha3 (11 Oct 2000) and later
  • Java CoG 1.1

The MyProxy server collects anonymous usage statistics. See Privacy Policy for details.

The TeraGrid MyProxy server is integrated with the NCSA CA. TeraGrid users can enter their TeraGrid Portal/Kerberos password at the myproxy-logon (or myproxy-get-delegation or Java CoG myproxy anonget) password prompt to retrieve a short-lived certificate from the NCSA CA, without needing to run myproxy-init or ncsa-cert-request.

The MyProxy server instance on the default MyProxy port (7512) supports both the CA and repository capability. This server instance also has "check_multiple_credentials" enabled for Session Passwords and has SASL/Kerberos authentication enabled for obtaining credentials using TERAGRID.ORG Kerberos tickets. A second server instance running on port 7514 provides a CA-only option, which is useful if you always want to perform TeraGrid Portal/Kerberos password authentication without supporting credential passphrase authentication. The TeraGrid User Portal uses the MyProxy server on port 7514 for TeraGrid Portal/Kerberos password authentication, regardless of any credentials stored via myproxy-init to myproxy.teragrid.org port 7512.

The MyProxy server is configured to enforce minimal passphrase quality, which will result in errors if you choose a passphrase that is too short or contains only dictionary words, for example.

The MyProxy server will issue certificates good for up to 11 days (264 hours). To request a certificate with longer lifetime than the default, use the -t option such as myproxy-logon -t 264 or myproxy anonget -t 264.

To use the TeraGrid MyProxy server, you must have the NCSA CA certificate installed on your client machine, so it can verify the server's host certificate. Download 9b95bbf2.0 and 9b95bbf2.signing_policy and place these two files in /etc/grid-security/certificates/. Or you can install them using myproxy-logon -T or myproxy-get-trustroots.

The MyProxy server will accept credentials from all TeraGrid Certificate Authorities accepted by TeraGrid. See the Accessing TeraGrid Overview for more information about using MyProxy and certificates on TeraGrid.

Please contact help@teragrid.org with any questions about the TeraGrid MyProxy server.

Last modified 06/05/12.
©2000-2014 Board of Trustees of the University of Illinois.