 Globus Security Infrusture - GSI For WIN32 

This directory contains the initial version of the Globus
Security Infrusture for the Win32. See http://www.globus.org

Most of the code for the Globus Security Infrastructure
in shared between UNIX and WIN32. It is maintained under UNIX
but the GSI can be pulled out for WIN32 by using tar. 

From this directory on UNIX run the win32.tar.sh script
to create a /tmp/gsi.tar file. 

The tar file can then be unziped on a WIN32 platform
using a zip program which understands tar format, such 
as winzip, http://www.winzip.com 

This code has been tested with OpenSSL-0.9.6, and should also
work with OpenSSL-0.9.4, 0.9.5a and SSLeay-0.9.0.

You will need to obtain OpenSSL from http://www.openssl.org

There are five main components of this:

  gsigss32.dll - A GSSAPI DLL which implements the IETF
  draft cbindings version 7. 

  gsilib32.dll - A DLL with the common GSI and smartcard 
  routines. 

  gaalib32.dll - A DLL with authorization routines GAA. 
  Used to check the ca_policy.conf

  *.exe - programs used to create, list and destroy  proxy
  certificate.

  sslk5.exe - A Kerberos like kinit which uses ssl for 
  authentication to a modified KDC. See
  ftp://achilles.ctd.anl.gov/pub/kerberos.v5/README.sskl5
  This requires Kerberos V5-1.0.5. Work is under way to work
  with V5-1.2.1.
  (Optional)
  
  Smart card support using PKCS#11 to allow authentication.
  This is the same interface Netscape uses to its Security
  Modules, so the same DLLs should work here. 
  Tested with Litronic and DataKey PKCS#11 implementations.
  You do not need a SDK, as the PKCS#11 headers are included,
  ad the the PKCS#11 DLL is dynamicly loaded. 
  (The Litronic also works under Solaris.)
  (Optional)
 
The Windows makefile, gsi.mak can be customized as needed.
 
 nmake -f gsi.mak

If using the Kerberos support, you will also need the MIT K5 
for Windows, and need to apply patches patch.win32.k5 
to the include\k5-in.h, lib\krb5\os\sendto_kdc.c, 
lib\krb5\krb\get_in_tkt.c, and compile them and lib\krb5\init_ctx.c 
with the -DSSLK5 flag set. The resulting DLL works with and without
SSLK5. 

The Windows Grid Proxy Init (WGPI) program is a seperate 
VC++ Project which needs access to these libs and header files. 

 Douglas E. Engert  <DEEngert@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444
