Table of Contents
Please refer to the MyProxy Developer’s Guide on the MyProxy web site.
Table of Contents
Supported Features
myproxy-logon
.
myproxy-init
and myproxy-logon
.
myproxy-store
and myproxy-retrieve
.
myproxy-logon
and myproxy-get-trustroots
.
myproxy-admin-load-credential
.
myproxy-admin-adduser
command to create user credentials and load them into the MyProxy repository.
myproxy-admin-addservice
command to create host credentials and load them into the MyProxy repository.
Deprecated Features
Tested Platforms for MyProxy:
Table 1.1. Tested Platforms
Operating System | Distribution | Version(s) | Architecture(s) |
---|---|---|---|
Linux | CentOS | 5, 6 | i386, x86_64 |
7 | x86_64 | ||
Fedora | 20, 21, 22 | i386, x86_64 | |
Red Hat Enterprise Linux | 5, 6 | i386, x86_64 | |
7 | x86_64 | ||
Scientific Linux | 5, 6 | i386, x86_64 | |
7 | x86_64 | ||
SUSE Linux Enterprise Server | 11SP3 | x86_64 | |
Debian | 6, 7, 8 | i386, amd64 | |
Ubuntu | 12.04LTS, 14.04LTS, 14.10, 15.04 | i386, amd64 | |
Mac OS X | 10.6-10.10 | i386, x86_64 | |
Solaris | OmniOS | r151006 | x86_64 |
Windows 7 | Cygwin | i386, x86_64 | |
MingW64 | i386, x86_64 |
You should choose a well-protected host to run the myproxy-server on. Consult with security-aware personnel at your site. You want a host that is secured to the level of a Kerberos KDC, that has limited user access, runs limited services, and is well monitored and maintained in terms of security patches.
For a typical myproxy-server installation, the host on which the myproxy-server is running must have /etc/grid-security created and a host certificate installed. In this case, the myproxy-server will run as root so it can access the host certificate and key.
Please refer to the MyProxy User Guide for MyProxy usage scenarios.
The MyProxy system architecture and design is described in the following two publications:
Table of Contents
Table 5.1. MyProxy Errors
Error Code | Definition | Possible Solutions |
---|---|---|
| This error appears as a mutual authentication failure or a server authentication failure, and the error message should list two names: the expected name of the MyProxy server and the actual authenticated name. By default, the MyProxy clients expect the MyProxy server to be running with a host certificate that matches the target hostname. This error can occur when running the MyProxy server under a non-host certificate or if the server is running on a machine with multiple hostnames.</simpara> The MyProxy clients authenticate the identity of the MyProxy server to avoid sending passphrases and credentials to rogue servers. If the expected name contains an IP address, your system is unable to do a reverse lookup on that address to get the canonical hostname of the server, indicating either a problem with that machine’s DNS record or a problem with the resolver on your system. | If the server name shown in the error message is acceptable, set the |
| This error indicates that the myproxy-server port (default: 7512) is in use by another process, probably another myproxy-server instance. You cannot run multiple instances of the myproxy-server on the same network port. | If you want to run multiple instances of the myproxy-server on a machine, you can specify different ports with the -p option, and then give the same -p option to the MyProxy commands to tell them to use the myproxy-server on that port. |
| This error indicates that the grid-proxy-init command failed when myproxy-init attempted to run it, which implies a problem with the underlying Globus installation. | Run |
| An error from the myproxy-server saying you are "not authorized" to complete
an operation typically indicates that the | See Configuring MyProxy for more information. |
| An error saying "Unable to verify remote side’s credentials," "Couldn’t
verify the remote certificate," or "alert bad certificate" often indicates
that the client or server’s certificate is signed by
an untrusted Certification Authority (CA). The client must have a CA
certificate and signing policy file installed in
| See Configuring Certificates for more information. |
For additional information, see the MyProxy Troubleshooting Page at NCSA.
For additional information about MyProxy, see the MyProxy Project Home Page at NCSA.