The globus-gatekeeper program is a meta-server similar to
inetd or xinetd that starts other services after authenticating a
TCP connection using GSSAPI and mapping the client’s credential to a
local account.
The most common use for the globus-gatekeeper program is to
start instances of the globus-job-manager(8) service. A single
globus-gatekeeper deployment can handle multiple different service
configurations by having entries in the /etc/grid-services/ directory.
Typically, users interact with the globus-gatekeeper
program via client applications such as globusrun(1),
globus-job-submit(1), or tools such as CoG jglobus or Condor-G.
The full set of command-line options to globus-gatekeeper
consists of:
-help
Display a help message to standard error and exit.
-conf PARAMETER_FILE
Load configuration parameters from PARAMETER_FILE.
The parameters in that file are treated as additional command-line
options.
-test
Parse the configuration file, print out the POSIX user
id of the globus-gatekeeper process, service home directory, service
execution directory, and X.509 subject name, and then exit.
-d, -debug
Run the globus-gatekeeper process in the
foreground.
-inetd
Flag to indicate that the globus-gatekeeper
process was started via inetd or a similar super-server. If this flag
is set and the globus-gatekeeper was not started via inetd, a warning
will be printed in the gatekeeper log.
-f
Flag to indicate that the globus-gatekeeper
process should run in the foreground. This flag has no effect when the
globus-gatekeeper is started via inetd.
-p PORT, -port PORT
Listen for connections on the TCP/IP port PORT.
This option has no effect if the globus-gatekeeper is started via inetd
or a similar service. If not specified and the gatekeeper is running as root,
the default of 2119 is used. Otherwise, the gatekeeper defaults to an
ephemeral port.
-home PATH
Sets the gatekeeper deployment directory to PATH.
This is used to interpret relative paths for accounting files, libexecdir,
certificate paths, and also to set the GLOBUS_LOCATION environment variable in
the service environment. If not specified, the gatekeeper looks for service
executables in /usr/sbin, configuration in /etc, and writes logs and
accounting files to /var/log.
-l LOGFILE, -logfile LOGFILE
Write log entries to LOGFILE. If LOGFILE is
equal to logoff or LOGOFF, then logging will be disabled, both to file and to
syslog.
-lf LOG_FACILITY
Open syslog using the LOG_FACILITY. If not
specified, LOG_DAEMON will be used as the default when using syslog.
-acctfile ACCTFILE
Set the path to write accounting records to
ACCTFILE. If not set, records will be written to the log file.
-e LIBEXECDIR
Look for service executables in LIBEXECDIR. If not
specified, the sbin subdirectory of the parameter to -home is used, or
/usr/sbin if that is not set.
-launch_method fork_and_exit | fork_and_wait | dont_fork
Determine how to launch services. The method may be
either fork_and_exit (the service runs completely independently of the
gatekeeper, which exits after creating the new service process), fork_and_wait
(the service is run in a separate process from the gatekeeper but the
gatekeeper does not exit until the service terminates), or dont_fork, where
the gatekeeper process becomes the service process via the exec()
system call.
-grid_services SERVICEDIR
Look for service descriptions in SERVICEDIR.
-globusid GLOBUSID
Sets the GLOBUSID environment variable to
GLOBUSID. This variable is used to construct the gatekeeper contact
string if it cannot be parsed from the service credential.
-gridmap GRIDMAP
Use the file at GRIDMAP to map GSSAPI names to
POSIX user names.
-x509_cert_dir TRUSTED_CERT_DIR
Use the directory TRUSTED_CERT_DIR to locate
trusted CA X.509 certificates. The gatekeeper sets the environment variable
X509_CERT_DIR to this value.
-x509_user_cert CERT_PATH
Read the service X.509 certificate from CERT_PATH.
The gatekeeper sets the X509_USER_CERT environment variable to this
value.
-x509_user_key KEY_PATH
Read the private key for the service from
KEY_PATH. The gatekeeper sets the X509_USER_KEY environment variable to
this value.
-x509_user_proxy PROXY_PATH
Read the X.509 proxy certificate from PROXY_PATH.
The gatekeeper sets the X509_USER_PROXY environment variable to this
value.
-k
Use the globus-k5 command
to acquire Kerberos 5 credentials before starting the service.
-globuskmap KMAP
Use KMAP as the path to the Grid credential to
Kerberos initialization mapping file.
-pidfile PIDFILE
Write the process id of the globus-gatekeeper to
the file named by PIDFILE.
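
An added example (not code from the Globus project): a small Python check that parses option text as it might appear in a -conf parameter file, resolves the defaults documented above, and lists settings a reviewer would question. It assumes the file is plain whitespace-separated option tokens; parse_options, review and SAMPLE are hypothetical names.

```python
# Added example: option names and defaults come from the option list above.
# Assumption: the parameter file is whitespace-separated option tokens.
TAKES_ARG = {"-conf", "-p", "-home", "-l", "-lf", "-acctfile", "-e",
             "-launch_method", "-grid_services", "-globusid", "-gridmap",
             "-x509_cert_dir", "-x509_user_cert", "-x509_user_key",
             "-x509_user_proxy", "-globuskmap", "-pidfile"}
FLAGS = {"-help", "-test", "-d", "-inetd", "-f", "-k"}
ALIASES = {"-port": "-p", "-logfile": "-l", "-debug": "-d"}
LAUNCH_METHODS = {"fork_and_exit", "fork_and_wait", "dont_fork"}

def parse_options(text):
    """Turn parameter-file text into {option: value}; flags map to True."""
    opts, tokens = {}, iter(text.split())
    for tok in tokens:
        name = ALIASES.get(tok, tok)
        if name in FLAGS:
            opts[name] = True
        elif name in TAKES_ARG:
            opts[name] = next(tokens, None)  # consume the option's argument
            if opts[name] is None:
                raise ValueError(f"{tok} is missing its argument")
        else:
            raise ValueError(f"unknown option {tok}")
    return opts

def review(opts, running_as_root=True):
    """Resolve the documented defaults and list settings worth a second look."""
    home, inetd = opts.get("-home"), "-inetd" in opts
    logging_on = opts.get("-l") not in ("logoff", "LOGOFF")
    port = opts.get("-p", "2119" if running_as_root else "ephemeral")
    eff = {
        "port": None if inetd else port,  # -p has no effect under -inetd
        "libexecdir": opts.get("-e", f"{home}/sbin" if home else "/usr/sbin"),
        "logging": logging_on,
    }
    findings = []
    if not logging_on:
        findings.append("logging disabled for both file and syslog")
    if inetd and ("-p" in opts or "-f" in opts):
        findings.append("-p and -f have no effect under -inetd")
    method = opts.get("-launch_method")
    if method is not None and method not in LAUNCH_METHODS:
        findings.append(f"invalid -launch_method {method}")
    return eff, findings

# Constructed sample parameter-file text, not taken from a real deployment.
SAMPLE = "-home /opt/globus\n-logfile LOGOFF\n-inetd -port 2119\n-launch_method fork\n"
```

Calling review(parse_options(SAMPLE)) returns the effective settings and three findings for the constructed sample.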