'\" t .\" Title: globus-k5 .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.75.2 .\" Date: 01/06/2012 .\" Manual: Globus Toolkit .\" Source: University of Chicago .\" Language: English .\" .TH "GLOBUS\-K5" "8" "01/06/2012" "University of Chicago" "Globus Toolkit" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" globus-k5 \- Acquire Kerberos Credentials for use with Grid Services .SH "SYNOPSIS" .HP \w'\fBglobus\-k5\fR\ 'u \fBglobus\-k5\fR \fISERVICE\-COMMAND\fR [\fISERVICE\-ARGS\fR...] .SH "DESCRIPTION" .PP The \fBglobus\-k5\fR program is an authorization module used by the \fBglobus\-gatekeeper\fR program to acquire Kerberos 5 Credentials prior to executing a Grid Service\&. This may be accomplished by running \fBkinit\fR with a password stored in the globuskmap file, using the NCSA \fBkrb525\fR command, or the \fBsslk5\fR command to use the X509 user proxy\&. .PP The arguments passed to \fBglobus\-k5\fR will not be used by it, but will be passed onto the job manager\&. The first parameter must be the path to the Grid Service\&. .PP It is expected that the environment will contain the variables \fBGLOBUSID\fR and \fBUSER\fR for the Grid and local POSIX user identities\&. This program is normally run as root, and will call seteuid() prior to executing the Grid Service\&. .PP The parameters to use and the mapping for the globus to K5 user are located in the globuskmap file\&. .SH "FORMAT OF THE GLOBUSKMAP FILE" .PP The globuskmap file is a line\-oriented file which each line containing a command to run to acquire Kerberos 5 credentials for a Grid identity\&. Each line consists of an optionally\-quoted \fIGLOBUSID\fR value followed by a command\-line for running a process to acquire a Kerberos credential\&. For example: .sp .if n \{\ .RS 4 .\} .nf "/O=Example/OU=Grid/CN=Joe User" /usr/afsws/bin/klog \-principal juser \-password mypasswd \-cell infn\&.it .fi .if n \{\ .RE .\} .sp .SH "ENVIRONMENT" .PP If the following variables affect the execution of \fBglobus\-k5\fR: .PP GLOBUSKMAP .RS 4 Path to the globuskmap file\&. .RE .PP USER .RS 4 POSIX username that the service will run as\&. .RE .PP KRB5CCNAME .RS 4 Path to a Kerberos credential cache\&. .RE .PP GLOBUS_ID .RS 4 Grid identity to generate Kerberos credentials for\&. .RE .SH "FILES" .PP .PP /etc/globuskmap .RS 4 Default file mapping Grid identities to Kerberos 5 principals\&. .RE .SH "SEE ALSO" .PP \fBglobus-k5\fR(8), \fBglobus-job-manager\fR(8)