Changes between Version 18 and Version 19 of MyProxyClient


Timestamp: 16/12/10 07:48:54 (10 years ago)
Author: pjkersha
Comment:

--

  • MyProxyClient

    v18 v19  
    1 = !MyProxyClient = 
    2 The !MyProxyClient Python package has been developed as part of development activities for the [http://ndg.nerc.ac.uk/ NERC DataGrid] Security system.  This work has been supported over the past year (2007-2008) by [http://proj.badc.rl.ac.uk/ndg/wiki/TI12_Security/OMII-UK OMII-UK]. 
    3  
    4 The implementation is based on the [http://www-new.mcs.anl.gov/fl/research/accessgrid/myproxy/myproxy.html myproxy_logon] script developed by Tom Uram of ANL.  Rather than binding to the [http://grid.ncsa.uiuc.edu/myproxy/ MyProxy] C libraries, it uses the M2Crypto Python OpenSSL library wrapper to make calls to a !MyProxy server following the [http://grid.ncsa.uiuc.edu/myproxy/protocol/ MyProxy protocol]. 
    5  
    6 == Releases == 
    7 === 1.2.2 9 December 2010 === 
    8 Fixes bug with server certificate subject name check - allow for `host/`, `myproxy/` or no prefix to subject name Common Name field. This is now applied as a default without any need to set explicitly. 
    9  
    10 === 1.2.1 18 November 2010 === 
    11 1.2.1 Fix non-ASCII character bug in `script.py`. 
    12  
    13 === 1.2.0 30 Sept 2010 === 
    14  * important fix for SSL peer verification.  Verify callback for `OpenSSL.SSL.Context.set_verify` was not enforcing the pre-verify OK code passed to it.  This means that when a DN was set as accepted it would ignore any possible error caused in verification of the server certs CA certificate chain. 
    15  * added `myproxyclient` console script contributed by Stephen Pascoe. 
    16  
    17 === 1.1.0 2 June 2010 === 
    18  * added bootstrap capability to initialise client CA certificate set-up to trust the server's SSL certificate. 
    19  
    20 === 1.0 26 April 2010 === 
    21  * This version includes a new method `getTrustRoots` to support the ability to download the CA certificates for a given !MyProxy server (command=7 - see: http://grid.ncsa.illinois.edu/myproxy/protocol/) 
    22  * 1.0 switches from M2Crypto to PyOpenSSL for its OpenSSL wrapper. 
    23  * A put method is included as a stub only.  Unfortunately, the PyOpenSSL X.509 Extensions interface doesn't support the `proxyCertInfo` extension type needed for creating proxy certificates. 
    24  
    25 == Installation == 
    26 !MyProxyClient is available from PyPI: 
    27  
    28 {{{ 
    29 $ easy_install MyProxyClient 
    30 }}} 
    31  
    32 == Example == 
    33 === API === 
    34 Retrieve credentials from a !MyProxy server running at `myproxy.localhost` on the default port: 
    35 {{{ 
    36 >>> from myproxy.client import MyProxyClient 
    37 >>> myproxy = MyProxyClient(hostname='myproxy.localhost') 
    38 >>> credentials = myproxy.logon('myusername', 'mypassword', bootstrap=True) 
    39 }}} 
    40 `credentials` is a tuple containing certificate(s) and private key as strings.  The `bootstrap` flag bootstraps the trust roots for the server downloading the CA certificate(s) to `~/.globus/certificates`. 
    41  
    42 === Console Script === 
    43 The script follows a similar form to the myproxy-* executables included with the MyProxy C distribution: 
    44 {{{ 
    45 $ myproxyclient -h 
    46 Usage: myproxyclient [command] [options] 
    47  
    48 commands: 
    49   logon        Retrieve credentials from a MyProxy service 
    50  
    51  
    52 Options: 
    53   -h, --help            show this help message and exit 
    54   -o OUTFILE, --out=OUTFILE 
    55                         Set the file to store the retrieved creentials. If not 
    56                         specified credentials will be stored in 
    57                         X509_USER_PROXY environment variable.  To write the 
    58                         credential tostdout use -o -. 
    59   -C CADIR, --cadir=CADIR 
    60                         Set location of trusted certificates.  By default this 
    61                         is the X509_CERT_DIR  environment variable or 
    62                         ~/.globus/certificates or /etc/grid-security. 
    63   -s HOSTNAME, --pshost=HOSTNAME 
    64                         Set hostname of myproxy server 
    65   -p PORT, --psport=PORT 
    66                         Set port of myproxy server 
    67   -t PROXY_LIFETIME, --proxy_lifetime=PROXY_LIFETIME 
    68                         Set proxy certificate Lifetime (hours) 
    69   -S, --stdin_pass      Read the password directly from stdin 
    70   -b, --bootstrap       Download trusted CA certificates 
    71   -T, --trustroots      Update trustroots 
    72   -l USERNAME, --username=USERNAME 
    73                         Set username 
    74 }}} 
    75 Logon call using `$LOGNAME` as the default username: 
    76 {{{ 
    77 $ myproxyclient logon -s myproxy.somewhere.ac.uk -o ~/creds.pem 
    78 }}} 
    79 Logon as user `me` call bootstrapping trust and downloading trust roots 
    80 {{{ 
    81 $ myproxyclient logon -b -T -s myproxy.somewhere.ac.uk -l me -o ~/creds.pem 
    82 }}} 
    83 Only the `logon` command is currently supported for this console script.  Other commands may be added in future releases. 
    84  
    85 == Documentation == 
    86 epydoc generated [http://packages.python.org/MyProxyClient/ documentation] is available at the Python package site. 
    87  
    88 == !SubVersion Repository == 
    89 See http://proj.badc.rl.ac.uk/ndg/browser/TI12-security/trunk/MyProxyClient 
    90 ---- 
    91 NDG3: [wiki:Capability], [wiki:Discovery], [wiki:Vocab], [wiki:Software], [wiki:MOLES], [wiki:Security], [wiki:Community], [wiki:Roadmap], [wiki:Management]
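
Review bot: the Example section (lines 38 and 81) shows `bootstrap=True` and `-b -T` as the default way to log on, but nothing there tells the reader that bootstrapping sets the client up to trust the server's SSL certificate by downloading its CA certificate(s) into `~/.globus/certificates`, as lines 18 and 40 describe. Suggest adding a sentence after line 40 saying that `bootstrap` is meant for initialising trust with a server the user already has reason to trust, and that later calls should omit it so the stored trust roots are what gets checked. Since line 14 records that releases before 1.2.0 ignored CA chain verification errors once a DN was set as accepted, and line 8 records a subject name check fix in 1.2.2, the Installation section (line 29) would also benefit from stating that these fixes are only present from those releases onward. Minor: line 11 repeats the version number "1.2.1" at the start of the entry text.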