gLExec-wn - 1.0.1
Current State :: Production
Contact :: cristina.aiftimiei@pd.infn.it
Technical Contact :: cristina.aiftimiei@pd.infn.it
Description :: glexec is an extended version of apache suexec. It takes as input a certificate chain, possibly with VOMS extensions, and a user program name to run. It checks authorization, user credentials, proper VOMS attributes and executable name. It acquires local credentials and a local (uid, gid) pair enforcing the local credential on the process. It is basically a suid program. It is used on the cream CE to change identity of the grid user before job submission and this led to idea of using it on the WN to implement traceability and Intra-VO accounting for pilot jobs.
Release Date :: 20110922
Major Version :: 1
Minor Version :: 0
Revision Version :: 1
Release Notes :: What's new * This update of the gLExec workernode fixes a minor bug in the yaim configuration that would cause some variables to have the wrong (or no) default value. * The CREAM CE uses gLExec and LCMAPS to resolve a Unix account in one of its deployment options. The certificate chain will be checked by the lcmaps-plugins-verify-proxy component, launched by the gLExec/LCMAPS combination. The component triggers an X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED error code, even while the chain is fully valid. There are three important triggers required: 1. The user is required to use a certificate issued from a CA certificate with a path length constraint set to 0 (=zero). This is the case for the Terena eScience Personal, Terena SSL and the FNAL CA. 2. The job must flow through the CREAM CE frontend service, not directly to gLExec on the shell 3. The proxy certificate chain must have at least two delegations, or more to trigger the error. This fix will mitigate the problems in OpenSSL (or Globus OpenSSL) by retrying the Path Length checks for RFC5280 and RFC3820 though a new routine that double checks if the chain is really invalid according to the initially stated failure condition. For a detailed background story: cream-did-it-using-bugs-in-path-length
Additional Details :: https://wiki.egi.eu/wiki/UMD-1:UMD-1.3.0#emi.glexec_wn.sl5.x86_64
Change LOG :: Put the Change logs here (multiline field)
Repository URL :: sw/production/umd/1/sl5/x86_64/updates
Documentation Links ::
Keywords ::