How to start using Globus

Password Security Globus uses passphrase-protected certs and a concept called "proxies" for the main bulk of the authentication. A user uses "grid-proxy-init" command to create a proxy (which is a file in /tmp/x509up*). He needs a passphrase to open the cert, but from then on, the passphrase is not needed as the proxy will be used. The proxy is a temporary credential (normally for 12 hours) to make things easy (and less secure). More details at http://www.globus.org/security/proxy.html Below is an extract of the Globus webpage Signing Onto the Grid: Creating a Proxy Certificate Proxies are certificates signed by the user, or by another proxy, that do not require a password to submit a job. They are intended for short-term use, when the user is submitting many jobs and cannot be troubled to repeat his password for every job. The subject of a proxy certificate is the same as the subject of the certificate that signed it, with /CN=proxy added to the name. The gatekeeper will accept any job requests submitted by the user, as well as any proxies he has created. Proxies provide a convenient alternative to constantly entering passwords, but are also less secure than the user's normal security credential. Therefore, they should always be user-readable only, and should be deleted after they are no longer needed (or after they expire). To create a proxy with the default expiration (12 hours), run the globus-proxy-init program. For example: % globus-proxy-init The globus-proxy-init program can also take arguments to specify the expiration and proxy key length. For example: % globus-proxy-init -hours 8 -bits 512 To delete a proxy that was previously created with globus-proxy-init, run: % globus-proxy-destroy Updated Oct; July; Apr 2004; 4 Dec 2003 (ttw); 16 Sep 2003 - ogs