'\" t .\" Title: globus-gatekeeper .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.75.2 .\" Date: 01/06/2012 .\" Manual: Globus Toolkit .\" Source: University of Chicago .\" Language: English .\" .TH "GLOBUS\-GATEKEEPER" "8" "01/06/2012" "University of Chicago" "Globus Toolkit" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" globus-gatekeeper \- Authorize and execute a grid service on behalf of a user .SH "SYNOPSIS" .HP \w'\fBglobus\-gatekeeper\fR\ 'u \fBglobus\-gatekeeper\fR [\-help] .br [\-conf\ \fIPARAMETER_FILE\fR] .br [\-test] [\-d | \-debug] .br {\-inetd | \-f} .br [\-p\ \fIPORT\fR | \-port\ \fIPORT\fR] .br [\-home\ \fIPATH\fR] [\-l\ \fILOGFILE\fR | \-logfile\ \fILOGFILE\fR] [\-lf\ \fILOG_FACILITY\fR] .br [\-acctfile\ \fIACCTFILE\fR] .br [\-e\ \fILIBEXECDIR\fR] .br [\-launch_method\ {fork_and_exit\ |\ fork_and_wait\ |\ dont_fork}] .br [\-grid_services\ \fISERVICEDIR\fR] .br [\-globusid\ \fIGLOBUSID\fR] .br [\-gridmap\ \fIGRIDMAP\fR] .br [\-x509_cert_dir\ \fITRUSTED_CERT_DIR\fR] .br [\-x509_cert_file\ \fITRUSTED_CERT_FILE\fR] .br [\-x509_user_cert\ \fICERT_PATH\fR] .br [\-x509_user_key\ \fIKEY_PATH\fR] .br [\-x509_user_proxy\ \fIPROXY_PATH\fR] .br [\-k] .br [\-globuskmap\ \fIKMAP\fR] .br [\-pidfile\ \fIPIDFILE\fR] .SH "DESCRIPTION" .PP The \fBglobus\-gatekeeper\fR program is a meta\-server similar to \fBinetd\fR or \fBxinetd\fR that starts other services after authenticating a TCP connection using GSSAPI and mapping the client\'s credential to a local account\&. .PP The most common use for the \fBglobus\-gatekeeper\fR program is to start instances of the \fBglobus-job-manager\fR(8) service\&. A single \fBglobus\-gatekeeper\fR deployment can handle multiple different service configurations by having entries in the /etc/grid\-services directory\&. .PP Typically, users interact with the \fBglobus\-gatekeeper\fR program via client applications such as \fBglobusrun\fR(1), \fBglobus\-job\-submit\fR, or tools such as CoG jglobus or Condor\-G\&. .PP The full set of command\-line options to \fBglobus\-gatekeeper\fR consists of: .PP \-help .RS 4 Display a help message to standard error and exit .RE .PP \-conf \fIPARAMETER_FILE\fR .RS 4 Load configuration parameters from \fIPARAMETER_FILE\fR\&. The parameters in that file are treated as additional command\-line options\&. .RE .PP \-test .RS 4 Parse the configuration file and print out the POSIX user id of the \fBglobus\-gatekeeper\fR process, service home directory, service execution directory, and X\&.509 subject name and then exits\&. .RE .PP \-d, \-debug .RS 4 Run the \fBglobus\-gatekeeper\fR process in the foreground\&. .RE .PP \-inetd .RS 4 Flag to indicate that the \fBglobus\-gatekeeper\fR process was started via \fBinetd\fR or a similar super\-server\&. If this flag is set and the \fBglobus\-gatekeeper\fR was not started via inetd, a warning will be printed in the gatekeeper log\&. .RE .PP \-f .RS 4 Flag to indicate that the \fBglobus\-gatekeeper\fR process should run in the foreground\&. This flag has no effect when the \fBglobus\-gatekeeper\fR is started via inetd\&. .RE .PP \-p \fIPORT\fR, \-port \fIPORT\fR .RS 4 Listen for connections on the TCP/IP port \fIPORT\fR\&. This option has no effect if the \fBglobus\-gatekeeper\fR is started via inetd or a similar service\&. If not specified and the gatekeeper is running as root, the default of 2119 is used\&. Otherwise, the gatekeeper defaults to an ephemeral port\&. .RE .PP \-home \fIPATH\fR .RS 4 Sets the gatekeeper deployment directory to \fIPATH\fR\&. This is used to interpret relative paths for accounting files, libexecdir, certificate paths, and also to set the \fBGLOBUS_LOCATION\fR environment variable in the service environment\&. If not specified, the gatekeeper looks for service executables in /usr/sbin, configuration in /etc, and writes logs and accounting files to /var/log\&. .RE .PP \-l \fILOGFILE\fR, \-logfile \fILOGFILE\fR .RS 4 Write log entries to \fILOGFILE\fR\&. If \fILOGFILE\fR is equal to logoff or LOGOFF, then logging will be disabled, both to file and to syslog\&. .RE .PP \-lf \fILOG_FACILITY\fR .RS 4 Open syslog using the \fILOG_FACILITY\fR\&. If not specified, LOG_DAEMON will be used as the default when using syslog\&. .RE .PP \fB\-acctfile \fR\fB\fIACCTFILE\fR\fR .RS 4 Set the path to write accounting records to \fIACCTFILE\fR\&. If not set, records will be written to the log file\&. .RE .PP \-e \fILIBEXECDIR\fR .RS 4 Look for service executables in \fILIBEXECDIR\fR\&. If not specified, the sbin subdirectory of the parameter to \fB\-home\fR is used, or /usr/sbin if that is not set\&. .RE .PP \-launch_method fork_and_exit|fork_and_wait|dont_fork .RS 4 Determine how to launch services\&. The method may be either fork_and_exit (the service runs completely independently of the gatekeeper, which exits after creating the new service process), fork_and_wait (the service is run in a separate process from the gatekeeper but the gatekeeper does not exit until the service terminates), or dont_fork, where the gatekeeper process becomes the service process via the \fBexec()\fR system call\&. .RE .PP \-grid_services \fISERVICEDIR\fR .RS 4 Look for service descriptions in \fISERVICEDIR\fR\&. .RE .PP \-globusid \fIGLOBUSID\fR .RS 4 Sets the \fBGLOBUSID\fR environment variable to \fIGLOBUSID\fR\&. This variable is used to construct the gatekeeper contact string if it can not be parsed from the service credential\&. .RE .PP \-gridmap \fIGRIDMAP\fR .RS 4 Use the file at \fIGRIDMAP\fR to map GSSAPI names to POSIX user names\&. .RE .PP \-x509_cert_dir \fITRUSTED_CERT_DIR\fR .RS 4 Use the directory \fITRUSTED_CERT_DIR\fR to locate trusted CA X\&.509 certificates\&. The gatekeeper sets the environment variable \fBX509_CERT_DIR\fR to this value\&. .RE .PP \-x509_user_cert \fICERT_PATH\fR .RS 4 Read the service X\&.509 certificate from \fICERT_PATH\fR\&. The gatekeeper sets the \fBX509_USER_CERT\fR environment variable to this value\&. .RE .PP \-x509_user_key \fIKEY_PATH\fR .RS 4 Read the private key for the service from \fIKEY_PATH\fR\&. The gatekeeper sets the \fBX509_USER_KEY\fR environment variable to this value\&. .RE .PP \-x509_user_proxy \fIPROXY_PATH\fR .RS 4 Read the X\&.509 proxy certificate from \fIPROXY_PATH\fR\&. The gatekeeper sets the \fBX509_USER_PROXY\fR environment variable to this value\&. .RE .PP \-k .RS 4 Use the \fBglobus\-k5\fR command to acquire Kerberos 5 credentials before starting the service\&. .RE .PP \-globuskmap \fIKMAP\fR .RS 4 Use \fIKMAP\fR as the path to the Grid credential to kerberos initialization mapping file\&. .RE .PP \-pidfile \fIPIDFILE\fR .RS 4 Write the process id of the \fBglobus\-gatekeeper\fR to the file named by \fIPIDFILE\fR\&. .RE .SH "ENVIRONMENT" .PP If the following variables affect the execution of \fBglobus\-gatekeeper\fR: .PP X509_CERT_DIR .RS 4 Directory containing X\&.509 trust anchors and signing policy files\&. .RE .PP X509_USER_PROXY .RS 4 Path to file containing an X\&.509 proxy\&. .RE .PP X509_USER_CERT .RS 4 Path to file containing an X\&.509 user certificate\&. .RE .PP X509_USER_KEY .RS 4 Path to file containing an X\&.509 user key\&. .RE .PP GLOBUS_LOCATION .RS 4 Default path to gatekeeper service files\&. .RE .SH "FILES" .PP .PP /etc/grid\-services/\fISERVICENAME\fR .RS 4 Service configuration for \fISERVICENAME\fR\&. .RE .PP /etc/grid\-security/grid\-mapfile .RS 4 Default file mapping Grid identities to POSIX identities\&. .RE .PP /etc/globuskmap .RS 4 Default file mapping Grid identities to Kerberos 5 principals\&. .RE .PP /etc/globus\-nologin .RS 4 File to disable the \fBglobus\-gatekeeper\fR program\&. .RE .PP /var/log/globus\-gatekeeper\&.log .RS 4 Default gatekeeper log\&. .RE .SH "SEE ALSO" .PP \fBglobus-k5\fR(8), \fBglobusrun\fR(1), \fBglobus-job-manager\fR(8)