Hi Steve,
first of all thanks for the quick reply. But I'm still confused about which command I should use. You're saying > It is possible to use myproxy-get-delegation a.k.a myproxy-retrieve to get a > proxy from inside your job. But myproxy-get-delegation and myproxy-retrieve are different commands. Did you mean "myproxy-get-delegation a.k.a myproxy-logon"? About using a cron job... Do you happen to use Condor at Fermilab? If yes, why wouldn't you let Condor handle the proxy renewal? According to what I've been told in the Condor User List, it should be enough to specify the path to your local X509_USER_PROXY in the job description file in order for Condor to handle the renewal. But for some reason this is actually the point that doesn't work in my setup. And that's the reason why I'm trying to figure out how to do renew a proxy manually. By the way, by "it doesn't work" I actually mean that Condor for some reason only updates "Validity > Not Before" (= activiation date) in the proxy file and it doesn't update "Validity > Not After" (= expiration date). Do you have an idea what the problem could be? Best, Lukas -- Lukas Koschmieder Steel Institute IEHK RWTH Aachen University Intzestraße 1 52072 Aachen Germany ________________________________ From: Steven C Timm <t...@fnal.gov> Sent: Wednesday, May 30, 2018 3:12:49 PM To: Koschmieder, Lukas; gt-user@lists.globus.org Subject: Re: Renewing /tmp/x509up_u$UID It is possible to use myproxy-get-delegation a.k.a myproxy-retrieve to get a proxy from inside your job. If you use the -d (dn_as_username) option both to store and to retrieve the proxy then you don't need a passphase, the myproxy server will see the short lived proxy you already have and give you another one based on that. It can be tricky to figure out the right combination of options to store and retrieve but it can be done. At Fermilab what we do is set up a cron job behind the scenes to do this on behalf of the user.. the job submit does a myproxy-logon under the covers to store a proxy, and then there is a cron that runs to do myproxy-retrieve on a daily basis to put the actual short-lived proxy that the job will use. Steve ________________________________ From: gt-user <gt-user-boun...@lists.globus.org> on behalf of Koschmieder, Lukas <lukas.koschmie...@iehk.rwth-aachen.de> Sent: Wednesday, May 30, 2018 5:56:15 AM To: gt-user@lists.globus.org Subject: [gt-user] Renewing /tmp/x509up_u$UID Hi, In http://toolkit.globus.org/toolkit/docs/3.2/gsi/key/#delegation the GSI delegation process is briefly described where an existing proxy_n can be used to sign an subsequent proxy_n+1. Assuming that I've used myproxy-logon to created a local proxy_n /tmp/x509up_u$UID. How would I create a proxy_n+1? Am I supposed to use openssl? Or is there a globus command for that? My goal is to renew /tmp/x509up_u$UID without reentering the passphrase. Best regards, Lukas -- Lukas Koschmieder Steel Institute IEHK RWTH Aachen University Intzestraße 1 52072 Aachen Germany
