Provided by: globus-gatekeeper_11.4-2_amd64 bug


       globus-gatekeeper - Authorize and execute a grid service on behalf of a user


       globus-gatekeeper [-help]

       globus-gatekeeper -conf PARAMETER_FILE [-test] [-d | -debug] [-inetd | -f] [-p PORT |
       -port PORT] [-l LOGFILE | -logfile LOGFILE] [-lf LOG_FACILITY] [-acctfile ACCTFILE] [-e
       LIBEXECDIR] [-launch_method { fork_and_exit | fork_and_wait | dont_fork }] [-grid_services
       SERVICEDIR] [-globusid GLOBUSID] [-gridmap GRIDMAP] [-x509_cert_dir TRUSTED_CERT_DIR]
       [-x509_cert_file TRUSTED_CERT_FILE] [-x509_user_cert CERT_PATH] [-x509_user_key KEY_PATH]
       [-x509_user_proxy PROXY_PATH] [-k] [-globuskmap KMAP] [-pidfile PIDFILE]


       The globus-gatekeeper program is a meta-server similar to inetd or*xinetd* that starts
       other services after authenticating a TCP connection using GSSAPI and mapping the client’s
       credential to a local account.

       The most common use for the globus-gatekeeper program is to start instances of the
       globus-job-manager(8) service. A single globus-gatekeeper deployment can handle multiple
       different service configurations by having entries in the /etc/grid-services/ directory.

       Typically, users interact with the globus-gatekeeper program via client applications such
       as globusrun(1), globus-job-submit(1), or tools such as CoG jglobus or Condor-G.

       The full set of command-line options to globus-gatekeeper consists of:

           Display a help message to standard error and exit

       -conf PARAMETER_FILE
           Load configuration parameters from PARAMETER_FILE. The parameters in that file are
           treated as additional command-line options.

           Parse the configuration file and print out the POSIX user id of the globus-gatekeeper
           process, service home directory, service execution directory, and X.509 subject name
           and then exits.

       -d, -debug
           Run the globus-gatekeeper process in the foreground.

           Flag to indicate that the globus-gatekeeper process was started via inetd or a similar
           super-server. If this flag is set and the globus-gatekeeper was not started via inetd,
           a warning will be printed in the gatekeeper log.

           Flag to indicate that the globus-gatekeeper process should run in the foreground. This
           flag has no effect when the globus-gatekeeper is started via inetd.

       -p PORT, -port PORT
           Listen for connections on the TCP/IP port PORT. This option has no effect if the
           globus-gatekeeper is started via inetd or a similar service. If not specified and the
           gatekeeper is running as root, the default of 2119 is used. Otherwise, the gatekeeper
           defaults to an ephemeral port.

       -home PATH
           Sets the gatekeeper deployment directory to PATH. This is used to interpret relative
           paths for accounting files, libexecdir, certificate paths, and also to set the
           GLOBUS_LOCATION environment variable in the service environment. If not specified, the
           gatekeeper looks for service executables in /usr/sbin, configuration in /etc, and
           writes logs and accounting files to /var/log.

       -l LOGFILE, -logfile LOGFILE
           Write log entries to LOGFILE. If LOGFILE is equal to logoff or LOGOFF, then logging
           will be disabled, both to file and to syslog.

       -lf LOG_FACILITY
           Open syslog using the LOG_FACILITY. If not specified, LOG_DAEMON will be used as the
           default when using syslog.

       <option>-acctfile ACCTFILE</option>
           Set the path to write accounting records to ACCTFILE. If not set, records will be
           written to the log file.

       -e LIBEXECDIR
           Look for service executables in LIBEXECDIR. If not specified, the sbin subdirectory of
           the parameter to -home is used, or /usr/sbin if that is not set.

       -launch_method fork_and_exit | fork_and_wait | dont_fork
           Determine how to launch services. The method may be either fork_and_exit (the service
           runs completely independently of the gatekeeper, which exits after creating the new
           service process), fork_and_wait (the service is run in a separate process from the
           gatekeeper but the gatekeeper does not exit until the service terminates), or
           dont_fork, where the gatekeeper process becomes the service process via the exec()
           system call.

       -grid_services SERVICEDIR
           Look for service descriptions in SERVICEDIR.

       -globusid GLOBUSID
           Sets the GLOBUSID environment variable to GLOBUSID. This variable is used to construct
           the gatekeeper contact string if it can not be parsed from the service credential.

       -gridmap GRIDMAP
           Use the file at GRIDMAP to map GSSAPI names to POSIX user names.

       -x509_cert_dir TRUSTED_CERT_DIR
           Use the directory TRUSTED_CERT_DIR to locate trusted CA X.509 certificates. The
           gatekeeper sets the environment variable X509_CERT_DIR to this value.

       -x509_user_cert CERT_PATH
           Read the service X.509 certificate from CERT_PATH. The gatekeeper sets the
           X509_USER_CERT environment variable to this value.

       -x509_user_key KEY_PATH
           Read the private key for the service from KEY_PATH. The gatekeeper sets the
           X509_USER_KEY environment variable to this value.

       -x509_user_proxy PROXY_PATH
           Read the X.509 proxy certificate from PROXY_PATH. The gatekeeper sets the
           X509_USER_PROXY environment variable to this value.

           Use the <command>globus-k5</command> command to acquire Kerberos 5 credentials before
           starting the service.

       -globuskmap KMAP
           Use KMAP as the path to the Grid credential to kerberos initialization mapping file.

       -pidfile PIDFILE
           Write the process id of the globus-gatekeeper to the file named by PIDFILE.


       The following environment variables affect the execution of globus-gatekeeper:

           Directory containing X.509 trust anchors and signing policy files.

           Path to file containing an X.509 proxy.

           Path to file containing an X.509 user certificate.

           Path to file containing an X.509 user key.

           Default path to gatekeeper service files.


       The following files affect the execution of globus-gatekeeper:

           Service configuration for SERVICENAME.

           Default file mapping Grid identities to POSIX identities.

           Default file mapping Grid identities to Kerberos 5 principals.

           File to disable the globus-gatekeeper program.

           Default gatekeeper log.


       globus-k5(8), globusrun(1), globus-job-manager(8)


       Copyright © 1999-2016 University of Chicago