[transfer-api] the ID

Maxim Potekhin potekhin at bnl.gov
Fri Feb 3 14:47:56 CST 2012


Hi Bryce,

thanks for the note. As you suggested, I'm taking this exchange back to 
the list.

  Comments/questions in-line:

> Endpoint activation is tied to a specific endpoint and a specific
> globusonline user. So if all the nodes are connecting as the same user,
> the endpoint only needs to be activated once, at least until the
> credential expires.

Yes. Is there a way to check if it's activated? I'm sure there is, just 
can't scroll fast enough
through the code. I would then check in the pilot job and inform the 
user that activation
expired, if that's the case. What expiry period do you recommend as good 
practice?


> If you have a credential stored in a myproxy server, you can just use
> the myproxy activation method instead of delegate_proxy, as long as you
> don't mind sending the password to GO.
That's not an option, unfortunately. I wish there was a password-less 
way to access
myproxy -- which does exist in the myproxy client but is not supported 
through GO.


So, to recap, do you think the following scenario would work, on my 
semi-functional
platform:
a) users are required to periodically create a X509 proxy on a 
particular host and activate their
end-points (done by each user separately) by delegation
b) pilots do not activate end-points but watch their expiration and 
e-mail the user if there is a problem

Just out of curiosity, back to my question -- at least in theory, can I 
put a signed credential on
myproxy and pull it into the pilot job if necessary for delegation? I'm 
not saying this is the way I'll
go, just want to see if that's an option.

Thank you so much for your help

Maxim



More information about the transfer-api mailing list