Skip to main content
OSTI.GOVU.S. Department of Energy Office of Scientific and Technical Information
U.S. Department of Energy
Office of Scientific and Technical Information
 

glideinWMS experience with glexec

Conference · · J.Phys.Conf.Ser.
 [1];  [2];  [2];  [3];  [1];  [1];  [4];  [5]
  1. UC, San Diego
  2. Wisconsin U., Madison
  3. Fermilab
  4. Nebraska U.
  5. INFN, Bologna
+ Show Author Affiliations
Multi-user pilot infrastructures provide significant advantages for the communities using them, but also create new security challenges. With Grid authorization and mapping happening with the pilot credential only, final user identity is not properly addressed in the classic Grid paradigm. In order to solve this problem, OSG and EGI have deployed glexec, a privileged executable on the worker nodes that allows for final user authorization and mapping from inside the pilot itself. The glideinWMS instances deployed on OSG have been now using glexec on OSG sites for several years, and have started using it on EGI resources in the past year. The user experience of using glexec has been mostly positive, although there are still some edge cases where things could be improved. This paper provides both the usage statistics as well as a description of the still remaining problems and the expected solutions.
Research Organization:
Fermi National Accelerator Laboratory (FNAL), Batavia, IL (United States)
Sponsoring Organization:
USDOE Office of Science (SC), High Energy Physics (HEP) (SC-25)
DOE Contract Number:
AC02-07CH11359
OSTI ID:
1405154
Report Number(s):
FERMILAB-CONF-12-833-CD; 1211266
Conference Information:
Journal Name: J.Phys.Conf.Ser. Journal Volume: 396
Country of Publication:
United States
Language:
English

Similar Records

Addressing tokens dynamic generation, propagation, storage and renewal to secure the GlideinWMS pilot based jobs and system
Conference · Sun Jun 08 00:00:00 EDT 2025 · No journal information · OSTI ID:2569135
Addressing tokens dynamic generation, propagation, storage and renewal to secure the GlideinWMS pilot based jobs and system
Conference · Mon Nov 04 23:00:00 EST 2024 · OSTI ID:2476995
Transitioning GlideinWMS, a multi domain distributed workload manager, from GSI proxies to tokens and other granular credentials
Journal Article · Mon May 06 00:00:00 EDT 2024 · EPJ Web of Conferences (Online) · OSTI ID:2468773

Related Subjects