[transfer-api] the ID
ballen at ci.uchicago.edu
Fri Feb 3 17:27:04 CST 2012
On Fri, 03 Feb 2012 15:47:56 -0500
Maxim Potekhin <potekhin at bnl.gov> wrote:
> Is there a way to check if it's activated?
Both the endpoint document and activation_requirements documents
contain the current activation state.
_, _, data = api.endpoint(name)
If all you care about is T/F:
print api.endpoint(name, fields="activated")["activated"]
> > If you have a credential stored in a myproxy server, you can just
> > use the myproxy activation method instead of delegate_proxy, as
> > long as you don't mind sending the password to GO.
> That's not an option, unfortunately. I wish there was a password-less
> way to access
> myproxy -- which does exist in the myproxy client but is not
> supported through GO.
Do you mean using Kerberos or X.509 authentication instead of password
authentication, or using the -r/-R/-Z options? It may be possible for
GO to support this in the future. It would require GO to have a
credential that is trusted by the myproxy server, and then users could
specify that the DN of the GO credential has access with -r. I think
there is already work going on for automatic renewal; it might be some
variation on this method.
> So, to recap, do you think the following scenario would work, on my
> a) users are required to periodically create a X509 proxy on a
> particular host and activate their
> end-points (done by each user separately) by delegation
> b) pilots do not activate end-points but watch their expiration and
> e-mail the user if there is a problem
Yes that should work.
> Just out of curiosity, back to my question -- at least in theory, can
> I put a signed credential on
> myproxy and pull it into the pilot job if necessary for delegation?
> I'm not saying this is the way I'll
> go, just want to see if that's an option.
I'm not sure what you mean. If the machine running the pilot job had
mkproxy or M2Crypto, it could use myproxy-logon to get the credential,
then use delegate_proxy activation with that credential. If the
credential was protected only by passphrase and the server publicly
accessible (or at least to GO), then you could use the myproxy
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 490 bytes
Desc: not available
More information about the transfer-api