Re: myproxy additions
Yes, we've begun work on supporting multiple credentials per username. I
should put up a web page that describes our work in progress. Basically,
we added an optional "credential name" field with an associated
command-line argument for specifying the credential name to myproxy-init
and myproxy-destroy. Our current implementation doesn't require that each
credential be stored under the same password. I'm not sure what the
benefit of that is. Right now we treat each credential as a completely
separate entity, with its own access policy, password, etc. One of the use
cases of multiple credentials is that I may want to delegate a credential
under one password to one portal without giving away the password to any
other credentials stored on myproxy. We also extended the myproxy-info
command to display information about all credentials for a given
username. Does that sound like it will meet your needs? I expect this new
functionality to appear in a release in the fall when the grad student
working on it returns from his summer internship...
At 12:18 AM 7/18/2002, Jason Novotny wrote:
> In drafting our portal design document, we came up with a couple items
> for Myproxy. Our main concern is that Myproxy be able to handle multiple
> credentials under one username. Currently, we address this limitation in
> Myproxy by using the portal to store multiple usernames assuming the same
> password is used for each credential stored. I can imagine a few simple
> protocol additions and maybe accompanying myproxy- command line tools.
> myproxy-add -s hostname -l username. Here a user just provides the
> same passphrase they used initially and then adds a credential.
> myproxy-list -s hostname -l username provides a listing of the
> credentials a user has stored.
> myproxy-destroy -s hostname -tag id. Some way of deleting a specific
> credential. Maybe the myproxy-list returns an itemized list, so
> myproxy-destroy -t 1 would delete the first credential or something like that.
> What do you think? Would your group be interested in implementing
> this-- otherwise I might begin work on it around the fall time frame if I
> can find the time ;-)
> Thanks, Jason