Rather than storing your X.509 credentials (certificate and private key) on each machine you use, you can store them in a MyProxy repository and retrieve a proxy credential from the MyProxy repository when needed.

To store a credential in the MyProxy repository, run the myproxy-init command on a computer where your Grid credentials are located. For example:

        $ myproxy-init -a -s myproxy.ncsa.uiuc.edu
        Your identity: /C=US/O=National Computational Science Alliance/CN=Jim Basney
        Enter GRID pass phrase for this identity:
        Creating proxy ........................................... Done
        Your proxy is valid until Fri Sep 13 13:52:56 2002
        Enter MyProxy Pass Phrase:
        Verifying password - Enter MyProxy Pass Phrase:
        A proxy valid for 168 hours (7.0 days) for user jbasney now exists on myproxy.ncsa.uiuc.edu.
      

The myproxy-init command prompts first for the pass phrase of your private key (similar to grid-proxy-init) and then prompts twice for a new pass phrase to use to secure the credentials on the MyProxy server. By default, the credential is stored under your Unix username (jbasney in the example above) for 7 days and can be used to retrieve credentials with 12 hour lifetimes. Section 3, “Command-line tools” below lists all the available options for the myproxy-init command.

Once you've stored a credential in the MyProxy repository, you can retrieve a proxy credential whenever you need one with the myproxy-logon command. For example:

        $ myproxy-logon -s myproxy.ncsa.uiuc.edu
        Enter MyProxy Pass Phrase:
        A proxy has been received for user jbasney in /tmp/x509up_u500
      

The myproxy-logon command prompts for the pass phrase you set previously with myproxy-init, retrieves a proxy credential for you, and stores it in the correct default location for use with other Globus Toolkit programs. The MyProxy Command Reference lists all the available options for the myproxy-logon command.

This error appears as a mutual authentication failure or a server authentication failure, and the error message should list two names: the expected name of the MyProxy server and the actual authenticated name. By default, the MyProxy clients expect the MyProxy server to be running with a host certificate that matches the target hostname. This error can occur when running the MyProxy server under a non-host certificate or if the server is running on a machine with multiple hostnames. The MyProxy clients authenticate the identity of the MyProxy server to avoid sending passphrases and credentials to rogue servers.

If the expected name contains an IP address, your system is unable to do a reverse lookup on that address to get the canonical hostname of the server, indicating either a problem with that machine's DNS record or a problem with the resolver on your system.

If the server name shown in the error message is acceptable, set the MYPROXY_SERVER_DN environment variable to that name to resolve the problem.

This error indicates that the myproxy-server port (default: 7512) is in use by another process, probably another myproxy-server instance. You can not run multiple instances of the myproxy-server on the same network port. If you want to run multiple instances of the myproxy-server on a machine, you can specify different ports with the -p option, and then give the same -p option to the MyProxy commands to tell them to use the myproxy-server on that port.

This error indicates that the grid-proxy-init command failed when myproxy-init attempted to run it, which implies a problem with the underlying Globus installation. Run

for more information.

An error from the myproxy-server saying you are "not authorized" to complete an operation typically indicates that the myproxy-server.config file settings are restricting your access to the myproxy-server. It is possible that the myproxy-server is running with the default myproxy-server.config file, which does not authorize any operations. See Section 3, “Configuring ” for more information.