[transfer-api] Can I use cert-based authentication with MyProxy?

Bryce Allen ballen at ci.uchicago.edu
Wed Feb 1 13:05:46 CST 2012


It might be possible using a small C program to create the
certificate, and then the openssl command to sign. The problem is that
the openssl command only supports creating certificates using CSRs,
which are not sent by the Transfer API server and require the private
key to work. Since the channel is already authenticated, we currently
just send the public key. Another option would be to modify the API to
send a CSR (possibly alongside the public key so it's backward
compatible), but server side changes take a lot more time to get
released.

I'll take a quick look at how hard it would be to write the required C
program.

-Bryce

On Wed, 01 Feb 2012 13:53:14 -0500
Maxim Potekhin <potekhin at bnl.gov> wrote:
> Bryce,
> 
> I don't have a working M2 on any of my nodes, and my attempts to
> build it failed, in one case due to an old swig and then because of
> non-standard location
> of openssl headers. The installer does not seem to be flexible enough
> to correct this quickly and w/o root access (which I don't have).
> 
> Do you think you can provide a openssl recipe? That would allow us to
> move forward, because otherwise I don't see how we can code up our
> client.
> 
> Thanks
> 
> Maxim
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: <https://lists.globusonline.org/mailman/private/transfer-api/attachments/20120201/cf14c7eb/attachment.pgp>


More information about the transfer-api mailing list