1GLOBUS-GATEKEEPER(8) University of Chicago GLOBUS-GATEKEEPER(8)
2
6 globus-gatekeeper - Authorize and execute a grid service on behalf of a
7 user
8
10 globus-gatekeeper [-help]
11 [-conf PARAMETER_FILE]
12 [-test] [-d | -debug]
13 {-inetd | -f}
14 [-p PORT | -port PORT]
15 [-home PATH] [-l LOGFILE | -logfile LOGFILE]
16 [-acctfile ACCTFILE]
17 [-e LIBEXECDIR]
18 [-launch_method {fork_and_exit | fork_and_wait | dont_fork}]
19 [-grid_services SERVICEDIR]
20 [-globusid GLOBUSID]
21 [-gridmap GRIDMAP]
22 [-x509_cert_dir TRUSTED_CERT_DIR]
23 [-x509_cert_file TRUSTED_CERT_FILE]
24 [-x509_user_cert CERT_PATH]
25 [-x509_user_key KEY_PATH]
26 [-x509_user_proxy PROXY_PATH]
27 [-k]
28 [-globuskmap KMAP]
29
31 The globus-gatekeeper program is a meta-server similar to inetd or
32 xinetd that starts other services after authenticating the TCP
33 connection using GSSAPI.
34 The most common use for the globus-gatekeeper program is to start
36 instances of the globus-job-manager(8) service. A single
37 globus-gatekeeper deployment can handle multiple different service
38 configurations by having entries in the grid-services directory.
39 Typically, users interact with the globus-gatekeeper program via client
41 applications such as globusrun(1), globus-job-submit, or tools such as
42 CoG jglobus or Condor-G.
43 The full set of command-line options to globus-gatekeeper consists of:
45 -help
47 Display a help message to standard error and exit
48 -conf PARAMETER_FILE
50 Load configuration parameters from PARAMETER_FILE. The parameters
51 in that file are treated as additional command-line options.
52 -test
54 Parse the configuration file and print out the POSIX user id of the
55 globus-gatekeeper process, service home directory, service
56 execution directory, and X.509 subject name and then exits.
57 -d, -debug
59 Run the globus-gatekeeper process in the foreground.
60 -inetd
62 Flag to indicate that the globus-gatekeeper process was started via
63 inetd or a similar super-server. If this flag is set and the
64 globus-gatekeeper was not started via inetd, a warning will be
65 printed in the gatekeeper log.
66 -f
68 Flag to indicate that the globus-gatekeeper process should run in
69 the foreground. This flag has no effect when the globus-gatekeeper
70 is started via inetd.
71 -p PORT, -port PORT
73 Listen for connections on the TCP/IP port PORT. This option has no
74 effect if the globus-gatekeeper is started via inetd or a similar
75 service. If not specified and the gatekeeper is running as root,
76 the default of 754 is used. Otherwise, the gatekeeper defaults to
77 an ephemeral port.
78 -home PATH
80 Sets the gatekeeper deployment directory to PATH. This is used to
81 interpret relative paths for accounting files, libexecdir,
82 certificate paths, and also to set the GLOBUS_LOCATION environment
83 variable in the service environment. If not specified, the
84 gatekeeper uses its working directory.
85 -l LOGFILE, -logfile LOGFILE
87 Write status log entries to LOGFILE
88 -acctfile ACCTFILE
90 Set the path to write accounting records to ACCTFILE. If not set,
91 no accounting records will be written.
92 -e LIBEXECDIR
94 Look for service executables in LIBEXECDIR. If not specified, the
95 default of HOME/libexec is used.
96 -launch_method fork_and_exit|fork_and_wait|dont_fork
98 Determine how to launch services. The method may be either
99 fork_and_exit (the service runs completely independently of the
100 gatekeeper, which exits after creating the new service process),
101 fork_and_wait (the service is run in a separate process from the
102 gatekeeper but the gatekeeper does not exit until the service
103 terminates), or dont_fork, where the gatekeeper process becomes the
104 service process via the exec() system call.
105 -grid_services SERVICEDIR
107 Look for service descriptions in SERVICEDIR. If this is a relative
108 path, it is interpreted relative to the HOME value. If this is not
109 specified, the default of HOME/etc/grid-services is used.
110 -globusid GLOBUSID
112 Sets the GLOBUSID environment variable to GLOBUSID. This variable
113 is used to construct the gatekeeper contact string if it can not be
114 parsed from the service credential.
115 -gridmap GRIDMAP
117 Use the file at GRIDMAP to map GSSAPI names to POSIX user names. If
118 not specified, the default of HOME/etc/grid-mapfile is used.
119 -x509_cert_dir TRUSTED_CERT_DIR
121 Use the directory TRUSTED_CERT_DIR to locate trusted CA X.509
122 certificates. The gatekeeper sets the environment variable
123 X509_CERT_DIR to this value.
124 -x509_cert_file TRUSTED_CERT_FILE
126 OBSOLETE GSI OPTION
127 -x509_user_cert CERT_PATH
129 Read the service X.509 certificate from CERT_PATH. The gatekeeper
130 sets the X509_USER_CERT environment variable to this value.
131 -x509_user_key KEY_PATH
133 Read the private key for the service from KEY_PATH. The gatekeeper
134 sets the X509_USER_KEY environment variable to this value.
135 -x509_user_proxy PROXY_PATH
137 Read the X.509 proxy certificate from PROXY_PATH. The gatekeeper
138 sets the X509_USER_PROXY environment variable to this value.
139 -k
141 Assume authentication with Kerberos 5 GSSAPI instead of X.509
142 GSSAPI.
143 -globuskmap KMAP
145 Assume authentication with Kerberos 5 GSSAPI instead of X.509
146 GSSAPI and use KMAP as the path to the kerberos principal to POSIX
147 user mapping file.
148
150 If the following variables affect the execution of globus-gatekeeper
151 X509_CERT_DIR
153 Directory containing X.509 trust anchors and signing policy files.
154 X509_USER_PROXY
156 Path to file containing an X.509 proxy.
157 X509_USER_CERT
159 Path to file containing an X.509 user certificate.
160 X509_USER_KEY
162 Path to file containing an X.509 user key.
163
165 $GLOBUS_LOCATION/etc/globus-gatekeeper.conf
166 Default path to gatekeeper configuration file.
167 $GLOBUS_LOCATION/etc/grid-services/SERVICENAME
169 Service configuration for SERVICENAME.
170
172 globusrun(1), globus-job-manager(8)
173University of Chicago 12/01/2009 GLOBUS-GATEKEEPER(8)