Man Linux: Main Page and Category List


       globus-gatekeeper - Authorize and execute a grid service on behalf of a


       globus-gatekeeper [-help]
                         [-conf PARAMETER_FILE]
                         [-test] [-d | -debug]
                         {-inetd | -f}
                         [-p PORT | -port PORT]
                         [-home PATH] [-l LOGFILE | -logfile LOGFILE]
                         [-acctfile ACCTFILE]
                         [-e LIBEXECDIR]
                         [-launch_method {fork_and_exit | fork_and_wait | dont_fork}]
                         [-grid_services SERVICEDIR]
                         [-globusid GLOBUSID]
                         [-gridmap GRIDMAP]
                         [-x509_cert_dir TRUSTED_CERT_DIR]
                         [-x509_cert_file TRUSTED_CERT_FILE]
                         [-x509_user_cert CERT_PATH]
                         [-x509_user_key KEY_PATH]
                         [-x509_user_proxy PROXY_PATH]
                         [-globuskmap KMAP]


       The globus-gatekeeper program is a meta-server similar to inetd or
       xinetd that starts other services after authenticating the TCP
       connection using GSSAPI.

       The most common use for the globus-gatekeeper program is to start
       instances of the globus-job-manager(8) service. A single
       globus-gatekeeper deployment can handle multiple different service
       configurations by having entries in the grid-services directory.

       Typically, users interact with the globus-gatekeeper program via client
       applications such as globusrun(1), globus-job-submit, or tools such as
       CoG jglobus or Condor-G.

       The full set of command-line options to globus-gatekeeper consists of:

           Display a help message to standard error and exit

       -conf PARAMETER_FILE
           Load configuration parameters from PARAMETER_FILE. The parameters
           in that file are treated as additional command-line options.

           Parse the configuration file and print out the POSIX user id of the
           globus-gatekeeper process, service home directory, service
           execution directory, and X.509 subject name and then exits.

       -d, -debug
           Run the globus-gatekeeper process in the foreground.

           Flag to indicate that the globus-gatekeeper process was started via
           inetd or a similar super-server. If this flag is set and the
           globus-gatekeeper was not started via inetd, a warning will be
           printed in the gatekeeper log.

           Flag to indicate that the globus-gatekeeper process should run in
           the foreground. This flag has no effect when the globus-gatekeeper
           is started via inetd.

       -p PORT, -port PORT
           Listen for connections on the TCP/IP port PORT. This option has no
           effect if the globus-gatekeeper is started via inetd or a similar
           service. If not specified and the gatekeeper is running as root,
           the default of 754 is used. Otherwise, the gatekeeper defaults to
           an ephemeral port.

       -home PATH
           Sets the gatekeeper deployment directory to PATH. This is used to
           interpret relative paths for accounting files, libexecdir,
           certificate paths, and also to set the GLOBUS_LOCATION environment
           variable in the service environment. If not specified, the
           gatekeeper uses its working directory.

       -l LOGFILE, -logfile LOGFILE
           Write status log entries to LOGFILE

       -acctfile ACCTFILE
           Set the path to write accounting records to ACCTFILE. If not set,
           no accounting records will be written.

       -e LIBEXECDIR
           Look for service executables in LIBEXECDIR. If not specified, the
           default of HOME/libexec is used.

       -launch_method fork_and_exit|fork_and_wait|dont_fork
           Determine how to launch services. The method may be either
           fork_and_exit (the service runs completely independently of the
           gatekeeper, which exits after creating the new service process),
           fork_and_wait (the service is run in a separate process from the
           gatekeeper but the gatekeeper does not exit until the service
           terminates), or dont_fork, where the gatekeeper process becomes the
           service process via the exec() system call.

       -grid_services SERVICEDIR
           Look for service descriptions in SERVICEDIR. If this is a relative
           path, it is interpreted relative to the HOME value. If this is not
           specified, the default of HOME/etc/grid-services is used.

       -globusid GLOBUSID
           Sets the GLOBUSID environment variable to GLOBUSID. This variable
           is used to construct the gatekeeper contact string if it can not be
           parsed from the service credential.

       -gridmap GRIDMAP
           Use the file at GRIDMAP to map GSSAPI names to POSIX user names. If
           not specified, the default of HOME/etc/grid-mapfile is used.

       -x509_cert_dir TRUSTED_CERT_DIR
           Use the directory TRUSTED_CERT_DIR to locate trusted CA X.509
           certificates. The gatekeeper sets the environment variable
           X509_CERT_DIR to this value.

       -x509_cert_file TRUSTED_CERT_FILE

       -x509_user_cert CERT_PATH
           Read the service X.509 certificate from CERT_PATH. The gatekeeper
           sets the X509_USER_CERT environment variable to this value.

       -x509_user_key KEY_PATH
           Read the private key for the service from KEY_PATH. The gatekeeper
           sets the X509_USER_KEY environment variable to this value.

       -x509_user_proxy PROXY_PATH
           Read the X.509 proxy certificate from PROXY_PATH. The gatekeeper
           sets the X509_USER_PROXY environment variable to this value.

           Assume authentication with Kerberos 5 GSSAPI instead of X.509

       -globuskmap KMAP
           Assume authentication with Kerberos 5 GSSAPI instead of X.509
           GSSAPI and use KMAP as the path to the kerberos principal to POSIX
           user mapping file.


       If the following variables affect the execution of globus-gatekeeper

           Directory containing X.509 trust anchors and signing policy files.

           Path to file containing an X.509 proxy.

           Path to file containing an X.509 user certificate.

           Path to file containing an X.509 user key.


           Default path to gatekeeper configuration file.

           Service configuration for SERVICENAME.


       globusrun(1), globus-job-manager(8)