Access to the GRAM gatekeeper is secured via SSL (Secure Socket Layer [5]) and also conforms to the X.509 standard for certificates. The security infrastructure is similar to secure HTTP, e.g., used for secure payments via the Web.
A user has to present a valid user certificate, signed by a trusted
Certificate Authority. A signing policy is specified in
share/certificates/ ca-singing -policy.conf. To
reduce exposure of the user cert, a `proxy' with a limited lifetime
(default: 12 hrs) is created and used for authenticating the user at
all Grid resources. The user proxy is signed with the users private
key. It is stored on the local filesystem. All communications
between the GRAM gatekeeper and the submitting host is strongly
encrypted (using 1024-bits keys).
A grid-map file (etc/grid-mapfile) exists to map end-users
(using their Distinguished Name) to local user-IDs. As long as the
signing CA is trusted, we can safely assume that the identity (DN)
presented by the user is true, i.e., he is indeed the person we
thing he is.
The map-file then translates the DN to a local uid. The job will be
started by the gatekeeper under this uid. Note that the gatekeeper
should be able to setuid(2) to this user!
There is a choice on how to set up the grid-map file:
This is fundamentally insecure. But in this case the gatekeeper may run as a daemon under the uid of a generic Grid user. No root access is requires to any system.
You still need two accounts (one for the Globus install and one to run the gatekeeper). These accounts should never be combined for obvious reasons.
This requires the gatekeeper to run as uid 0 (on UNIX systems),
either as a daemon or from inetd(1M).
Of coarse, the grid-map file can be setup as a mixture of both. But in that case the gatekeeper should still run as root.