GLOBUS-GATEKEEPER(8)     Grid Community Toolkit Manual    GLOBUS-GATEKEEPER(8)

NAME

       globus-gatekeeper - Authorize and execute a grid service on behalf of a
       user

SYNOPSIS

       globus-gatekeeper [-help]

       globus-gatekeeper -conf PARAMETER_FILE [-test] [-d | -debug] [-inetd |
       -f] [-p PORT | -port PORT] [-l LOGFILE | -logfile LOGFILE] [-lf
       LOG_FACILITY] [-acctfile ACCTFILE] [-e LIBEXECDIR] [-launch_method {
       fork_and_exit | fork_and_wait | dont_fork }] [-grid_services
       SERVICEDIR] [-globusid GLOBUSID] [-gridmap GRIDMAP] [-x509_cert_dir
       TRUSTED_CERT_DIR] [-x509_cert_file TRUSTED_CERT_FILE] [-x509_user_cert
       CERT_PATH] [-x509_user_key KEY_PATH] [-x509_user_proxy PROXY_PATH] [-k]
       [-globuskmap KMAP] [-pidfile PIDFILE]

DESCRIPTION

       The globus-gatekeeper program is a meta-server similar to inetd
       or xinetd that starts other services after authenticating a TCP
       connection using GSSAPI and mapping the client’s credential to a local
       account.

       The most common use for the globus-gatekeeper program is to start
       instances of the globus-job-manager(8) service. A single
       globus-gatekeeper deployment can handle multiple different service
       configurations by having entries in the /etc/grid-services/ directory.

       Typically, users interact with the globus-gatekeeper program via client
       applications such as globusrun(1), globus-job-submit(1), or tools such
       as CoG jglobus or Condor-G.

       The full set of command-line options to globus-gatekeeper consists of:

       -help
           Display a help message to standard error and exit.

       -conf PARAMETER_FILE
           Load configuration parameters from PARAMETER_FILE. The parameters
           in that file are treated as additional command-line options.

       -test
           Parse the configuration file and print out the POSIX user id of the
           globus-gatekeeper process, service home directory, service
           execution directory, and X.509 subject name, and then exit.

       -d, -debug
           Run the globus-gatekeeper process in the foreground.

       -inetd
           Flag to indicate that the globus-gatekeeper process was started via
           inetd or a similar super-server. If this flag is set and the
           globus-gatekeeper was not started via inetd, a warning will be
           printed in the gatekeeper log.

       -f
           Flag to indicate that the globus-gatekeeper process should run in
           the foreground. This flag has no effect when the globus-gatekeeper
           is started via inetd.

       -p PORT, -port PORT
           Listen for connections on the TCP/IP port PORT. This option has no
           effect if the globus-gatekeeper is started via inetd or a similar
           service. If not specified and the gatekeeper is running as root,
           the default of 2119 is used. Otherwise, the gatekeeper defaults to
           an ephemeral port.

       -home PATH
           Sets the gatekeeper deployment directory to PATH. This is used to
           interpret relative paths for accounting files, libexecdir,
           certificate paths, and also to set the GLOBUS_LOCATION environment
           variable in the service environment. If not specified, the
           gatekeeper looks for service executables in /usr/sbin,
           configuration in /etc, and writes logs and accounting files to
           /var/log.

       -l LOGFILE, -logfile LOGFILE
           Write log entries to LOGFILE. If LOGFILE is equal to logoff or
           LOGOFF, then logging will be disabled, both to file and to syslog.

       -lf LOG_FACILITY
           Open syslog using the LOG_FACILITY. If not specified, LOG_DAEMON
           will be used as the default when using syslog.

       -acctfile ACCTFILE
           Set the path to write accounting records to ACCTFILE. If not set,
           records will be written to the log file.

       -e LIBEXECDIR
           Look for service executables in LIBEXECDIR. If not specified, the
           sbin subdirectory of the parameter to -home is used, or /usr/sbin
           if that is not set.

       -launch_method fork_and_exit | fork_and_wait | dont_fork
           Determine how to launch services. The method may be either
           fork_and_exit (the service runs completely independently of the
           gatekeeper, which exits after creating the new service process),
           fork_and_wait (the service is run in a separate process from the
           gatekeeper but the gatekeeper does not exit until the service
           terminates), or dont_fork, where the gatekeeper process becomes the
           service process via the exec() system call.

       -grid_services SERVICEDIR
           Look for service descriptions in SERVICEDIR.

       -globusid GLOBUSID
           Sets the GLOBUSID environment variable to GLOBUSID. This variable
           is used to construct the gatekeeper contact string if it cannot be
           parsed from the service credential.

       -gridmap GRIDMAP
           Use the file at GRIDMAP to map GSSAPI names to POSIX user names.

       -x509_cert_dir TRUSTED_CERT_DIR
           Use the directory TRUSTED_CERT_DIR to locate trusted CA X.509
           certificates. The gatekeeper sets the environment variable
           X509_CERT_DIR to this value.

       -x509_user_cert CERT_PATH
           Read the service X.509 certificate from CERT_PATH. The gatekeeper
           sets the X509_USER_CERT environment variable to this value.

       -x509_user_key KEY_PATH
           Read the private key for the service from KEY_PATH. The gatekeeper
           sets the X509_USER_KEY environment variable to this value.

       -x509_user_proxy PROXY_PATH
           Read the X.509 proxy certificate from PROXY_PATH. The gatekeeper
           sets the X509_USER_PROXY environment variable to this value.

       -k
           Use the globus-k5 command to acquire Kerberos 5
           credentials before starting the service.

       -globuskmap KMAP
           Use KMAP as the path to the Grid credential to Kerberos
           initialization mapping file.

       -pidfile PIDFILE
           Write the process id of the globus-gatekeeper to the file named by
           PIDFILE.

ENVIRONMENT

       The following environment variables affect the execution of
       globus-gatekeeper:

       X509_CERT_DIR
           Directory containing X.509 trust anchors and signing policy files.

       X509_USER_PROXY
           Path to file containing an X.509 proxy.

       X509_USER_CERT
           Path to file containing an X.509 user certificate.

       X509_USER_KEY
           Path to file containing an X.509 user key.

       GLOBUS_LOCATION
           Default path to gatekeeper service files.

FILES

       The following files affect the execution of globus-gatekeeper:

       /etc/grid-services/SERVICENAME
           Service configuration for SERVICENAME.

       /etc/grid-security/grid-mapfile
           Default file mapping Grid identities to POSIX identities.

       /etc/globuskmap
           Default file mapping Grid identities to Kerberos 5 principals.

       /etc/globus-nologin
           File to disable the globus-gatekeeper program.

       /var/log/globus-gatekeeper.log
           Default gatekeeper log.
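
       Added example (not part of the original manual or of the toolkit): a
       shell check that the private key, certificate, trust anchor directory
       and gridmap named in a -conf parameter file are not exposed to, or
       writable by, group or other, resolving relative paths against -home
       as described above. It assumes the parameter file holds
       whitespace-separated options as on the command line; conf_value,
       check_path and audit_gatekeeper_conf are names made up for this
       example.

```shell
#!/bin/sh
# Added example, not part of the Grid Community Toolkit.
# Assumption: the -conf parameter file holds whitespace-separated options
# exactly as they would appear on the command line (no quoting handled).

# conf_value FILE OPTION: print the argument following OPTION (last wins).
conf_value() {
    awk -v opt="$2" '
        { for (i = 1; i <= NF; i++) { if (prev == opt) val = $i; prev = $i } }
        END { if (val != "") print val }' "$1"
}

# check_path OPTION PATH STRICT: report a finding and return 1 when PATH is
# missing, group/other-writable, or (STRICT=1) accessible to group/other.
check_path() {
    mode=$(ls -ldL -- "$2" 2>/dev/null | cut -c1-10)
    if [ -z "$mode" ]; then echo "MISSING $1 $2"; return 1; fi
    grp_oth=$(printf '%s' "$mode" | cut -c5-10)   # e.g. "r--r--"
    if [ "$3" = 1 ] && [ "$grp_oth" != "------" ]; then
        echo "EXPOSED $1 $2 ($mode)"; return 1
    fi
    case $grp_oth in
        ?w*|????w*) echo "WRITABLE $1 $2 ($mode)"; return 1 ;;
    esac
    return 0
}

# audit_gatekeeper_conf FILE: check the key, certificate, trust directory
# and gridmap named in FILE; the return status is the number of findings.
audit_gatekeeper_conf() {
    conf=$1; findings=0
    home=$(conf_value "$conf" -home)
    for spec in x509_user_key:1 x509_user_cert:0 x509_cert_dir:0 gridmap:0; do
        opt=-${spec%%:*}; strict=${spec##*:}
        path=$(conf_value "$conf" "$opt")
        [ -n "$path" ] || continue            # option not set in this file
        case $path in                         # relative paths resolve against -home
            /*) ;;
            *) if [ -n "$home" ]; then path=$home/$path; fi ;;
        esac
        check_path "$opt" "$path" "$strict" || findings=$((findings + 1))
    done
    return "$findings"
}

# Run against the parameter file given as the first argument, if any.
if [ -n "${1:-}" ]; then audit_gatekeeper_conf "$1"; fi
```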

SEE ALSO

       globus-k5(8), globusrun(1), globus-job-manager(8)

AUTHOR

       Copyright © 1999-2016 University of Chicago

Grid Community Toolkit 6          03/31/2018              GLOBUS-GATEKEEPER(8)