Man Linux: Main Page and Category List

NAME

       globus-gatekeeper - Authorize and execute a grid service on behalf of a
       user

SYNOPSIS

       globus-gatekeeper [-help]
                         [-conf PARAMETER_FILE]
                         [-test] [-d | -debug]
                         {-inetd | -f}
                         [-p PORT | -port PORT]
                         [-home PATH] [-l LOGFILE | -logfile LOGFILE]
                         [-acctfile ACCTFILE]
                         [-e LIBEXECDIR]
                         [-launch_method {fork_and_exit | fork_and_wait | dont_fork}]
                         [-grid_services SERVICEDIR]
                         [-globusid GLOBUSID]
                         [-gridmap GRIDMAP]
                         [-x509_cert_dir TRUSTED_CERT_DIR]
                         [-x509_cert_file TRUSTED_CERT_FILE]
                         [-x509_user_cert CERT_PATH]
                         [-x509_user_key KEY_PATH]
                         [-x509_user_proxy PROXY_PATH]
                         [-k]
                         [-globuskmap KMAP]

DESCRIPTION

       The globus-gatekeeper program is a meta-server similar to inetd or
       xinetd that starts other services after authenticating the TCP
       connection using GSSAPI.

       The most common use for the globus-gatekeeper program is to start
       instances of the globus-job-manager(8) service. A single
       globus-gatekeeper deployment can handle multiple different service
       configurations by having entries in the grid-services directory.

       Typically, users interact with the globus-gatekeeper program via client
       applications such as globusrun(1), globus-job-submit, or tools such as
       CoG jglobus or Condor-G.

       The full set of command-line options to globus-gatekeeper consists of:

       -help
           Display a help message to standard error and exit

       -conf PARAMETER_FILE
           Load configuration parameters from PARAMETER_FILE. The parameters
           in that file are treated as additional command-line options.

       -test
           Parse the configuration file and print out the POSIX user id of the
           globus-gatekeeper process, service home directory, service
           execution directory, and X.509 subject name and then exits.

       -d, -debug
           Run the globus-gatekeeper process in the foreground.

       -inetd
           Flag to indicate that the globus-gatekeeper process was started via
           inetd or a similar super-server. If this flag is set and the
           globus-gatekeeper was not started via inetd, a warning will be
           printed in the gatekeeper log.

       -f
           Flag to indicate that the globus-gatekeeper process should run in
           the foreground. This flag has no effect when the globus-gatekeeper
           is started via inetd.

       -p PORT, -port PORT
           Listen for connections on the TCP/IP port PORT. This option has no
           effect if the globus-gatekeeper is started via inetd or a similar
           service. If not specified and the gatekeeper is running as root,
           the default of 754 is used. Otherwise, the gatekeeper defaults to
           an ephemeral port.

       -home PATH
           Sets the gatekeeper deployment directory to PATH. This is used to
           interpret relative paths for accounting files, libexecdir,
           certificate paths, and also to set the GLOBUS_LOCATION environment
           variable in the service environment. If not specified, the
           gatekeeper uses its working directory.

       -l LOGFILE, -logfile LOGFILE
           Write status log entries to LOGFILE

       -acctfile ACCTFILE
           Set the path to write accounting records to ACCTFILE. If not set,
           no accounting records will be written.

       -e LIBEXECDIR
           Look for service executables in LIBEXECDIR. If not specified, the
           default of HOME/libexec is used.

       -launch_method fork_and_exit|fork_and_wait|dont_fork
           Determine how to launch services. The method may be either
           fork_and_exit (the service runs completely independently of the
           gatekeeper, which exits after creating the new service process),
           fork_and_wait (the service is run in a separate process from the
           gatekeeper but the gatekeeper does not exit until the service
           terminates), or dont_fork, where the gatekeeper process becomes the
           service process via the exec() system call.

       -grid_services SERVICEDIR
           Look for service descriptions in SERVICEDIR. If this is a relative
           path, it is interpreted relative to the HOME value. If this is not
           specified, the default of HOME/etc/grid-services is used.

       -globusid GLOBUSID
           Sets the GLOBUSID environment variable to GLOBUSID. This variable
           is used to construct the gatekeeper contact string if it can not be
           parsed from the service credential.

       -gridmap GRIDMAP
           Use the file at GRIDMAP to map GSSAPI names to POSIX user names. If
           not specified, the default of HOME/etc/grid-mapfile is used.

       -x509_cert_dir TRUSTED_CERT_DIR
           Use the directory TRUSTED_CERT_DIR to locate trusted CA X.509
           certificates. The gatekeeper sets the environment variable
           X509_CERT_DIR to this value.

       -x509_cert_file TRUSTED_CERT_FILE
           OBSOLETE GSI OPTION

       -x509_user_cert CERT_PATH
           Read the service X.509 certificate from CERT_PATH. The gatekeeper
           sets the X509_USER_CERT environment variable to this value.

       -x509_user_key KEY_PATH
           Read the private key for the service from KEY_PATH. The gatekeeper
           sets the X509_USER_KEY environment variable to this value.

       -x509_user_proxy PROXY_PATH
           Read the X.509 proxy certificate from PROXY_PATH. The gatekeeper
           sets the X509_USER_PROXY environment variable to this value.

       -k
           Assume authentication with Kerberos 5 GSSAPI instead of X.509
           GSSAPI.

       -globuskmap KMAP
           Assume authentication with Kerberos 5 GSSAPI instead of X.509
           GSSAPI and use KMAP as the path to the kerberos principal to POSIX
           user mapping file.

ENVIRONMENT

       If the following variables affect the execution of globus-gatekeeper

       X509_CERT_DIR
           Directory containing X.509 trust anchors and signing policy files.

       X509_USER_PROXY
           Path to file containing an X.509 proxy.

       X509_USER_CERT
           Path to file containing an X.509 user certificate.

       X509_USER_KEY
           Path to file containing an X.509 user key.

FILES

       $GLOBUS_LOCATION/etc/globus-gatekeeper.conf
           Default path to gatekeeper configuration file.

       $GLOBUS_LOCATION/etc/grid-services/SERVICENAME
           Service configuration for SERVICENAME.

SEE ALSO

       globusrun(1), globus-job-manager(8)