MyProxy

Content:

What is MyProxy?
Create and store credentials
Retrieve and destroy proxy

What is MyProxy server?

MyProxy is an open source software. It provides functionalities to manage X.509 Public Key Infrastructure (PKI) security credentials. It is an online repository that allows users to store their X.509 PKI security credentials. Each credential is protected by a password that is provided by the user at the time of storage. The credential can be retrieved later from the repository for use.

The advantage of this method is that users would not have to carry their private keys and certificates to install on computers which they would like to access grid resources from. This is especially userful for users who have to use shared computers and are thus unwilling to save a copy of their grid certificates in those computers. For more information about MyProxy, please refer to http://grid.ncsa.uiuc.edu/myproxy.

Using LRZ's MyProxy server.

LRZ's MyProxy information:

HostName:	myproxy.lrz.de
Port:	7512

Create and Store credential:

To use MyProxy from your PC without need to have Globus installed please read this pdf about handy Java webstart tool. With that you can store proxy to a MyProxy server. Then you can continue to read below Retrieve and Remove credential section.

At LRZ Globus is available on both HLRB2 and the Linux cluster. To set needed environmental variables, please use the following command:

module load globus

To create and store a credential:

myproxy-init -s myproxy.lrz.de

User will be prompted to enter first his/her grid certificates passphrase. By inputing the correct passphrase, a credential/proxy is generated. User will be prompted to enter another passphrase, MyProxy passphrase. This is the passphrase that will protect the user's credential on the myproxy server. User should choose a secure passphrase. User will be prompted to enter the MyProxy passhrase again for verification. Once that is done, a credential that is valid for 7 days is created.

To create a credential that has a maximum lifetime

myproxy-init -c 0

i.e., the lifetime of the original credential. For more information regarding creating credential with varying lifetime, please use "myproxy-init -help"

Retrieve and Remove credential:

If you are going to use Java webstart based GSISSH-Term you can use its builtin functionality to retrieve proxy from a MyProxy server. See GSISSH-Term page and find the MyProxy server subsection.

To retrieve credential from LRZ's MyProxy:

myproxy-logon -s myproxy.lrz.de

User will be prompted to enter his/her MyProxy passphrase for verification.

To remove credential from LRZ's MyProxy:

myproxy-destroy -s myproxy.lrz.de

User will be prompted to enter his/her MyProxy passphrase for verification.

If you face any problems, please contact grid-admin@lists.lrz.de

Additional Information:

GT 4.0 MyProxy: User's Guide
MyProxy DEISA User Guide