GT 5.0.5 Release Notes: MyProxy


1. Component Overview

MyProxy is open source software for managing X.509 Public Key Infrastructure (PKI) security credentials (certificates and private keys). MyProxy combines an online credential repository with an online certificate authority to allow users to securely obtain credentials when and where needed. Users run myproxy-logon to authenticate and obtain credentials, including trusted CA certificates and Certificate Revocation Lists (CRLs). For more information about MyProxy, see the MyProxy Home Page.

2. Feature summary

Supported Features

  • Users can obtain certificates and trust roots from the MyProxy CA using myproxy-logon.
  • Users can store and retrieve multiple X.509 proxy credentials using myproxy-init and myproxy-logon.
  • Users can store and retrieve multiple X.509 end-entity credentials using myproxy-store and myproxy-retrieve.
  • Users and administrators can manage trustroots (CA certificates and CRLs) using myproxy-logon and myproxy-get-trustroots.
  • Administrators can load the repository with X.509 end-entity credentials on the users' behalf using myproxy-admin-load-credential.
  • Administrators can use the myproxy-admin-adduser command to create user credentials and load them into the MyProxy repository.
  • Administrators can use the myproxy-admin-addservice command to create host credentials and load them into the MyProxy repository.
  • Users and administrators can set access control policies on the credentials in the repository.
  • If allowed by policy, job managers (such as Condor-G) can renew credentials before they expire.
  • The MyProxy server enforces local site passphrase policies using a configurable external call-out.

Deprecated Features

  • None

3. Summary of Changes in MyProxy

GT 5.0.5 contains MyProxy 5.5. See the MyProxy Release Notes for more details on this and other MyProxy versions.

4. Known Problems

The following problems and limitations are known to exist for MyProxy at the time of the 5.0.5 release:

4.1. Limitations

  • No known limitations exist.

4.2. Outstanding bugs

  • Bug 2709: The MyProxy package isn't internationalized.

5. Technology dependencies

MyProxy depends on the following GT component:

6. Tested platforms

Tested Platforms for MyProxy:

  • Mac OS X 10.5
  • x86/x86_64 GNU/Linux
  • PPC AIX 5.3
  • Sun4u Solaris 5.10

7. Backward compatibility summary

All MyProxy versions are fully backwards compatible.

8. Associated Standards

Associated standards for MyProxy:

9. For More Information

See MyProxy for more information about this component.

Glossary

H

host credentials

The combination of a host certificate and its corresponding private key.

P

proxy credentials

The combination of a proxy certificate and its corresponding private key. GSI typically stores proxy credentials in /tmp/x509up_u<uid> , where <uid> is the user id of the proxy owner.

U

user credentials

The combination of a user certificate and its corresponding private key.