It is possible to use myproxy-get-delegation a.k.a myproxy-retrieve to get a proxy from inside your job.
If you use the -d (dn_as_username) option both to store and to retrieve the proxy then you don't need a passphase, the myproxy server will see the short lived proxy you already have and give you another one based on that. It can be tricky to figure out the right combination of options to store and retrieve but it can be done. At Fermilab what we do is set up a cron job behind the scenes to do this on behalf of the user.. the job submit does a myproxy-logon under the covers to store a proxy, and then there is a cron that runs to do myproxy-retrieve on a daily basis to put the actual short-lived proxy that the job will use. Steve ________________________________ From: gt-user <gt-user-boun...@lists.globus.org> on behalf of Koschmieder, Lukas <lukas.koschmie...@iehk.rwth-aachen.de> Sent: Wednesday, May 30, 2018 5:56:15 AM To: gt-user@lists.globus.org Subject: [gt-user] Renewing /tmp/x509up_u$UID Hi, In http://toolkit.globus.org/toolkit/docs/3.2/gsi/key/#delegation the GSI delegation process is briefly described where an existing proxy_n can be used to sign an subsequent proxy_n+1. Assuming that I've used myproxy-logon to created a local proxy_n /tmp/x509up_u$UID. How would I create a proxy_n+1? Am I supposed to use openssl? Or is there a globus command for that? My goal is to renew /tmp/x509up_u$UID without reentering the passphrase. Best regards, Lukas -- Lukas Koschmieder Steel Institute IEHK RWTH Aachen University Intzestraße 1 52072 Aachen Germany
