This is MyProxy v5.0 4 Dec 2009. This version should be protocol compatible with all versions since v0.2. Binary compatibility of the C API is not guaranteed between releases. Version History --------------- v5.0 4 Dec 2009 - add Globus Usage Metrics to the myproxy-server - in myproxy-server, atomically update credential files and avoid unnecessary file copies; NOTE API CHANGE: myproxy_creds_store() now moves file to the repository, rather than copying it - add myproxy-server.config request_size_limit parameter to control myproxy-server network limits, and fix network limit handling to apply only to myproxy-server (not clients), so clients can handle large X509_CERT_DIR contents (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6889) - include extendedKeyUsage=clientAuth in EECs by default per GFD.125 - add myproxy-logon/myproxy-get-trustroots -b option to allow bootstrapping CA trust even when X509_CERT_DIR exists (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6886) - myproxy-logon -T / myproxy-get-trustroots fixes/improvements: - when cleaning bad CRLs, also remove any CRLs we can't parse - when recovering from CRL errors, allow anonymous authentication on second attempt, just like first attempt - when bootstrapping, restrict CA trust to only the one certificate subject needed, rather than a wildcard v4.9 2 Nov 2009 - fix support for "check_multiple_credentials true" in myproxy-server.config, disabled since v4.4 (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6878); changes include: - limit check_multiple_credentials functionality to GET requests (myproxy-logon) only - in authorization failures, give underlying error message rather than check_multiple_credentials unique error message - add myproxy-test cases for check_multiple_credentials and myproxy-admin-query v4.8 10 Sep 2009 - add myproxy-server.config proxy_extfile and proxy_extapp options for including custom certificate extensions in proxy certificates issued from the MyProxy repository (analogous to certificate_extfile and certificate_extapp for the CA module); requires GT 4.2.0 libraries (or later) (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6786) - look for VOMS header files in include/voms directory for compatibility with Fedora's VOMS package (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6847) - exit with an error message when --voms and -o - are used together in myproxy-logon (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6807) - fix a memory error in myproxy-info/myproxy-destroy error handling (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6849) - check myproxy-server.config lines for correct number of arguments (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6852) v4.7 6 May 2009 - in myproxy-get-trustroots and myproxy-logon -T, update files atomically (using rename) rather than overwriting - add myproxy-get-trustroots.cron example for keeping /etc/grid-security/certificates up-to-date - support linking against flavored VOMS libraries - fix "self-authorization" check for CA requests (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6713) - check certificate requests and issued certificates in the CA: (http://bugzilla.globus.org/globus/show_bug.cgi?id=6648) - add certificate_request_checker and certificate_issuer_checker options in myproxy-server.config for specifying call-outs before and after the MyProxy CA signs certificates - example myproxy-cert-checker and myproxy-certreq-checker call-outs are installed in $GLOBUS_LOCATION/share/myproxy - only accept RSA keys in certificate requests - don't allow RSA exponents < 65537 - add min_keylen option in myproxy-server.config for specifying a minimum allowed RSA key length - add syslog_facility option in myproxy-server.config to configure the myproxy-server to log to the specified syslog facility; the default is the "daemon" facility (http://bugzilla.globus.org/globus/show_bug.cgi?id=6717) - added an example in myproxy-accepted-credentials-mapapp of how to ban users (http://myproxy.ncsa.uiuc.edu/blacklist.html) - added myproxy-admin-query -o option to query by owner DN - replace fixed-length buffer in read_data_file() (credential repository file parser) with dynamically-sized buffer to support credentials with policies longer than 511 characters (http://bugzilla.globus.org/globus/show_bug.cgi?id=6723) - added certificate_serial_skip in myproxy-server.config to support staggered serial numbers across multiple CA instances - added certificate_issuer_hashalg in myproxy-server.config to configure the MyProxy CA to issue certificates using SHA-2 hash algorithms (SHA-224, SHA-256, SHA-384, SHA-512) rather than SHA-1 (the default). Requires OpenSSL 0.9.8 or later. v4.6 25 Mar 2009 - add myproxy-get-trustroots command to download trusted CA certificates without client-side authentication (http://bugzilla.globus.org/globus/show_bug.cgi?id=5899) - add sasl_mech, sasl_serverFQDN, and sasl_user_realm options to myproxy-server.config - include certificate subject in myproxy-admin-adduser output (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6324) - handle error response message from myproxy-server during delegation (http://bugzilla.ncsa.uiuc.edu/show_bug.cgi?id=359) v4.5 12 Feb 2009 - in myproxy-server, disallow release of a credential based only on authentication with a client credential of the same subject (i.e., self-renewal) unless "allow_self_authorization true" is specified in myproxy-server.config (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6630) - fix myproxy-logon --voms interaction with --out option (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6612) - implement stricter checks on myproxy-server storage directory security using Safefile's safe_is_path_trusted_r() (http://pages.cs.wisc.edu/~kupsch/safefile/); for now, these checks result in WARNING messages rather than errors - added myproxy-server --portfile option, useful when binding to a random available port via myproxy-server --port 0 (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6623) v4.4 12 Dec 2008 - allow $MYPROXY_SERVER and -s command-line options to be a comma-separated list of hostnames to try to connect to - in myproxy-server, fail on startup or reconfig with an "unsafe policy" error if a policy of trusted_retrievers "*" is specified without also specifying a restrictive default_trusted_retrievers policy, to avoid an unsafe policy that could release credentials to any client without additional authentication. - in myproxy-server, log info for the received client request before the authorization check, so we have the request info for troubleshooting purposes even if the request is denied. - in myproxy-server, fail on startup if PAM, SASL, or OCSP is configured in myproxy-server.config but the needed libraries are not linked in - fix problem with OpenSSL engine (for HSM support) being shutdown on child process failures - fix bug when issuing certificates with subject containing "//" (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6488) - add support for multiple --voms options to myproxy-init/logon (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6436) - added myproxy-info --credname option (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6561) - for myproxy-logon -T, bootstrap the trusted certificates directory atomically (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6432) - for myproxy-logon --voms, request the correct proxy type from voms-proxy-init - added example myproxy-revoke and myproxy-crl.cron scripts for revoking certificates issued by the MyProxy CA and generating CRLs - added max_cred_lifetime option in myproxy-server.config to limit the lifetime of credentials stored in the repository v4.3 2 Sep 2008 - improve MyProxy CA error message on incorrect passphrase. specifically, in myproxy-server, if passphrase in the request is non-empty, fail immediately if it can't be verified, rather than trying other methods; this forces other authentication methods (SASL, renewal) to send an empty passphrase (which current clients do by default), but it results in a better error message in the common case when an incorrect passphrase is given. also stop appending "invalid pass phrase" to the more specific error message from PAM or OpenSSL. - fix -m command-line option for myproxy-init and myproxy-logon - fix myproxy-init --voms with GT_PROXY_MODE="old" - in myproxy-init --voms, use voms-proxy-init -vomslife so VOMS AC lifetime matches proxy lifetime - if myproxy-init --local_proxy and --voms options are used together, only call voms-proxy-init once, and use that proxy to create the local proxy (via grid-proxy-init) - add a default timeout of 120 seconds for myproxy-server child processes to service requests before aborting, customizable via the myproxy-server.config request_timeout parameter - in myproxy-server, read incoming messages up to 1MB maximum to avoid memory exhaustion under heavy load - on myproxy-server startup, perform more sanity checks before fork to become daemon so exit status of original process is set to 1 on errors (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=6325) - in myproxy-server, don't re-read config file automatically on changes (i.e., undo change in v4.2); instead, re-read on SIGHUP (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=5627) - add reconfig method to etc.init.d.myproxy - make myproxy-admin-adduser less verbose by only showing the output of grid-cert-request on errors - added myproxy-admin-adduser -p option for specifying the CA private key password using openssl format (see the PASS PHRASE ARGUMENTS section in the openssl(1) man page) - associate "Connection from xxx.xxx.xxx.xxx" syslog message with child pid so it matches up with other syslog messages for that client v4.2 10 Jan 2008 - add support for $GT_PROXY_MODE="rfc" in myproxy-init - in the myproxy-server, no longer default to issuing a "legacy globus proxy" from an end-entity certificate; instead, issue the default proxy type according to the GSI library version - drop support for $GT_PROXY_MODE="old" in myproxy-logon; however, myproxy-init still supports $GT_PROXY_MODE="old" - in myproxy-server, re-read config file automatically on changes - fixes for newer OpenSSL versions used in GT 4.2 - fixes for MIT Kerberos 1.6 support (via SASL) v4.1 10 Sep 2007 - in myproxy-server, listen on $MYPROXY_SERVER_PORT if defined - for myproxy-logon/myproxy-retrieve -T, fix handling of zero length files and process only regular files (not subdirectories) v4.0 11 Jul 2007 - add myproxy-server-setup script for simple server install - fix myproxy-logon/myproxy-retrieve -T bug that caused trust bootstrap to fail when no certificates directory exists - add myproxy-admin-load-credential --retrieve_key and --retrievable_by_cert options - add myproxy-admin-addservice for distributing host/service credentials v3.9 12 Jun 2007 - update myproxy-logon/myproxy-retrieve -T behavior: - if no certificates directory exists, install the myproxy-server's CA certificate to bootstrap trust - if authentication to the myproxy-server fails due to a CRL error, remove problematic CRL file(s) and retry - if running as root, store trust roots in /etc/grid-security/certificates rather than ~root/.globus/certificates and credentials in /etc/grid-security/hostcert.pem/hostkey.pem - add --voms options to myproxy-init and myproxy-logon to add VOMS attributes, analogous to voms-proxy-init -voms; requires voms-proxy-init to be installed and configured - add myproxy-admin-query --config option v3.8 13 Apr 2007 - drop support for Globus Toolkit versions 3.0 and 2.4 - fix myproxy-replicate errors for credentials with usernames or crednames containing spaces - fix server-side problem when linking against globus_gssapi_gsi version 4.12 and later that causes "no shared cipher" errors - return more concise error messages to clients for common errors, with additional diagnostics written to the server log - fix configure check for OCSP functions in OpenSSL for enabling OCSP support - for --help, --usage, and --version options, exit with status 0 after printing help/usage/version information - add OpenSSL Engine support in the MyProxy CA to enable the use of hardware tokens via new myproxy-server.config certificate_openssl_engine options - check if client authenticates with a limited proxy, and if so, only allow the client to obtain another limited proxy, unless ignore_globus_limited_proxy_flag is set in myproxy-server.config - optionally store all certificates issued by the MyProxy CA in a directory via the certificate_out_dir myproxy-server.config option v3.7 12 Dec 2006 - fix handling of usernames containing '/', '-', and '.' characters; note this required a change to the myproxy-server repository format, so credential data files written by a new myproxy-server won't be readable by an older myproxy-server - verify that credentials in the myproxy-server repository are still valid (i.e., not revoked) before performing delegation - added myproxy-admin-query --invalid option for listing, locking, or removing invalid credentials from repository - optionally check OCSP status of stored credentials before performing delegation via myproxy-server.config ocsp settings; requires GT 3.2 (OpenSSL 0.9.7) or later - update etc.init.d.myproxy script to use pidfile to locate server to stop (rather than searching ps output), include a restart option, and exit with error if $GLOBUS_LOCATION isn't set - if the myproxy-server hostname given by $MYPROXY_SERVER or the -s option resolves to multiple IP addresses, clients will connect to each address until a connection is established or all fail - added accepted_credentials_mapapp call-out version of accepted_credentials_mapfile in myproxy-server.config - support unencrypted, although still signed, Pubcookie granting cookies as passwords - added myproxy-server.config syslog_ident option - improved MyProxy CA logging - added myproxy-server --listen to specify host/ip to bind to v3.6 10 Aug 2006 - support credential renewal via the MyProxy CA using myproxy-server.config authorized_renewers/default_renewers options - provide an access control list for storing credentials via the myproxy-server.config accepted_credentials_mapfile option - fix insecure temporary file handling in myproxy-admin-adduser - fix insecure input handling in myproxy-get-delegation.cgi example - support VOMS attributes in myproxy-server.config policies - in CA, issue certificates valid starting 5 minutes in the past to account for possible clock skew between hosts - add check_multiple_credentials option in myproxy-server.config to allow clients to retrieve a credential for a given username even if the associated "credential name" isn't provided (via myproxy-logon --credname) v3.5 14 Mar 2006 - dropped support for certificate_issuer option in myproxy-server.config; use certificate_issuer_cert instead - added myproxy_accept_delegation_ex() to retrieve credentials to a buffer rather than a file - in myproxy-logon, added support for writing credential to standard output via '-o -' option; also added --quiet option - added myproxy-logon --no_credentials option to authenticate without retrieving credentials - added certificate_mapapp call-out for mapping usernames to certificate subject distinguished names for the CA module - added certificate_extfile and certificate_extapp (call-out) for setting extensions in certificates issued by CA module - do not indicate in info command error output whether credentials owned by someone else exist, to avoid giving potentially useful information to an attacker - delegate credentials with minimum lifetime of 5 minutes to avoid problems with clock skew - fixed build problem with GT 2.4/3.0 introduced in v3.4: EVP_MD_CTX_cleanup() wasn't in OpenSSL 0.9.6 v3.4 19 Dec 2005 - added myproxy-test -valgrind option for detecting memory errors - fixed memory errors found with myproxy-test -valgrind - fixed handling of lifetime=0 requests in myproxy-server v3.3 2 Dec 2005 - API changes: new trusted_retrievers member for struct myproxy_creds and struct myproxy_request_t - generate 1024 bit keys instead of 512 bit keys - add support for certificate-only authentication to the myproxy-server via myproxy-init -Z and myproxy-server.config trusted_retrievers options - add support for CA username to DN resolution via LDAP using myproxy-server.config ca_ldap options - add myproxy-server authentication support for Pubcookie (http://www.pubcookie.org/) granting cookie via pubcookie_granting_cert and pubcookie_app_server_key myproxy-server.config options - add myproxy-init --local_proxy option to create a local proxy credential after storing a credential on the myproxy-server - add myproxy-init --keyfile/--certfile options - fix segmentation fault on reverse lookup in client - fix SASL build problems on Darwin - fix client-side memory leak in GSI_SOCKET_authentication_init() - in CA, use SHA1 instead of MD5 digest algorithm, set CA:FALSE in X509v3 Basic Constraints, include X509v3 Subject Key Identifier, and optionally set email X509v3 Subject Alternative Name using certificate_issuer_email_domain in myproxy-server.config - support alternate syntax "min max" for GLOBUS_TCP_PORT_RANGE and improve error handling and documentation for this environment variable v3.2 11 Oct 2005 - fix fd_set compiler error introduced in v3.1 v3.1 11 Oct 2005 - fix compilation problem on platforms without setenv() v3.0 28 Sep 2005 - add ability for myproxy-server to act as a CA by setting certificate_issuer options in myproxy-server.config - fix for static builds using 'gpt-build -static' - fixes for SASL support - increased myproxy-server's listen(2) backlog for improved scalability - modify myproxy-test to use "$LOGNAME.myproxy-test" for a username to avoid overwriting any existing credentials - include configured trusted certificate directory in debug/verbose output - install example myproxy-server.config to $GLOBUS_LOCATION/share/myproxy instead of potentially overwriting existing version in $GLOBUS_LOCATION/etc - warn on unknown directives in myproxy-server.config v2.3 28 Jul 2005 - fix AIX compliation problems in PAM module v2.2 14 Jul 2005 - fix TRU64 compilation problem - for --dn_as_username option, get DN from user proxy if available rather than requiring access to user certificate v2.1 6 Jul 2005 - fix compilation problem for ISO C89 compilers - fix myproxy-init compatibility with Java CoG grid-proxy-init in PATH (use grid-proxy-init -hours instead of -valid) - improve PAM error messages - fix error message on server-side authorized_renewers check - perform reverse lookup on server IP address for authorization consistency with other GSI clients - removed myproxy_resolve_hostname() from API v2.0 8 Jun 2005 - unified versioning with GPT packaging - added native PAM support (not requiring SASL) - added support for managing trusted CA certificates using myproxy-logon/myproxy-retrieve -T option - added the myproxy-replicate utility for managing multiple myproxy-server repository replicas for high availability - added myproxy_version() and myproxy_check_version() functions to verify headers match the shared library in use - fixed bug in previous version that caused myproxy-get-delegation not to be included in binary GPT installs - use system getopt_long() if available; otherwise, use included getopt_long from NetBSD instead of GNU version as previous - fixed server side bug where the default_key_retrievers policy was always applied even if the credential had a key retriever policy - fixed myproxy-test GT 2.4 compatibility problem in v0.6.5 - fixed myproxy_get_delegation() signature, erroneously changed in v0.6.2, to maintain API-level compatibility - added dynamic buffer management for improved handling of large messages v0.6.5 8 Apr 2005 (GPT package version 1.17) - added support for RFC 3820 proxy certificate format - renamed myproxy-get-delegation to myproxy-logon; kept myproxy-get-delegation symlink for backward compatibility - added myproxy-store and myproxy-retrieve commands for storing and retrieving credentials directly to/from the repository; note myproxy-retrieve support must be explicitly enabled by setting authorized_key_retrievers in myproxy-server.config - write temp proxy to /tmp/myproxy-proxy.. instead of /tmp/myproxy-proxy. so we can run more than one myproxy-init in an account at a time - added myproxy-test -performance option for performance testing - fixed potential logging race condition when running myproxy-server in verbose mode - fixed potential network race condition in myproxy-init - for myproxy-admin-change-pass, only prompt for existing password if existing credential is encrypted - check for invalid options passed to myproxy commands - fixed a myproxy-admin-change-pass segmentation fault when the storage directory is invalid - improve error messages for too-short passphrases (6 character minimum) v0.6.4 4 Jan 2005 (GPT package version 1.16) - fixed file permission bug in myproxy-admin-load-credential v0.6.3 22 Nov 2004 (GPT package version 1.15) - updated GPT packaging for compatibility with GT 3.9.3 (globus_gssapi_gsi-4.0) - added support for $GT_PROXY_MODE="old" in myproxy-get-delegation, to retrieve a "legacy globus proxy" from an end-entity certificate stored in the MyProxy repository. - modified client tools to attempt connecting to the server first, before prompting for user input, to catch server problems early. - added initial experimental support for Kerberos authentication via the SASL/GSSAPI mechanism. - removed dependency on perl Expect package in myproxy-test - added myproxy-test -startserver option - added myproxy-server --pidfile option to ease myproxy-server shutdown v0.6.2 21 Jun 2004 (GPT package version 1.14) - added initial experimental support for PAM authentication via the SASL/PLAIN mechanism. - changed myproxy-admin-change-pass so an empty pass phrase can be used for unencrypted keys (for example, for renewal keys) - fixed myproxy-admin-adduser to not depend on nonexistent myproxy-admin-adduser-config command - removed pass phrase functions from myproxy-admin-load-credential, so the existing pass phrase on the source key is kept as is. Use myproxy-admin-change-pass to change the pass phrase of a credential after loading. - fixed GT 2.2 and Java CoG incompatibility introduced in v0.6.1. Note: if repository contains end-entity credentials, Java CoG will retrieve old-style (legacy) proxies because the Java CoG certificate request doesn't specify the proxy type. - changed signature of myproxy_get_delegation() method. original signature is restored in v2.0. v0.6.1 30 Mar 2004 (GPT package version 1.13) Fixed a bug where the myproxy-server would always delegate new-style proxy credentials from end-entity credentials in repository. The myproxy-server now respects proxy type in the certificate request when end-entity credentials are stored in repository. However, if the repository contains proxy credentials, the server will delegate a proxy of the same type as stored in the repository irrespective of the certificate request, because new-style and old-style proxies can't be mixed. This bug fix resulted in an incompatibility with GT 2.2 and Java CoG clients, fixed in v0.6.2. v0.6.0 22 Mar 2004 (GPT package version 1.12) - added max_proxy_lifetime server configuration option for limiting the lifetime of retrieved credentials v0.5.9 28 Jan 2004 (GPT package version 1.11) - removed requirement for /dev/urandom and instead let OpenSSL seed its random number generator itself using its standard methods - added myproxy-admin-change-pass command - changed myproxy-get-delegation -d option to have effect even when -a option is not given - added support for OpenSSL 0.9.7 v0.5.8 23 Sep 2003 (GPT package version 1.10) - fixed networking problem with v0.5.7 on some platforms v0.5.7 25 Aug 2003 (GPT package version 1.9) - fixed additional problems with handling large credentials - bugfix: myproxy-admin-load-credential fails to prompt for passphrase of source credential in versions 0.5.4-0.5.6. v0.5.6 31 Jul 2003 (GPT package version 1.8) - added support for Globus Toolkit 3.0 libraries - added support for new GSI proxy certificate format - fixed 'myproxy-info -d' - fixed credential problem when using Globus Toolkit 2.4 libraries - removed buffer length restriction in credential renewal protocol v0.5.5 30 May 2003 (GPT package version 1.7) - added support for Globus Toolkit 2.4 libraries - added support for external passphrase quality enforcement with passphrase_policy_program command in myproxy-server.config - added support for locking credentials via myproxy-admin-query - included example myproxy.cron script for removing expired credentials - fixed problems with installed headers - added MYPROXY_SERVER_PORT environment variable v0.5.4 2 May 2003 (GPT package version 1.6) - myproxy-admin-adduser command added - default lifetime of delegated proxies changed to 12 hours instead of 2 - --passphrase option added to myproxy-admin-load-credential - new options (including remove option) added to myproxy-admin-query - compatibility problem with v0.2 (introduced in v0.5.0) fixed - OSX build problem fixed - support for delegating proxies with maximum lifetime added v0.5.3 19 Mar 2003 (GPT package version 1.5) This version fixes a build problem on AIX. v0.5.2 10 Mar 2003 (GPT package version 1.4) This version adds the myproxy-admin-query and myproxy-admin-load-credential commands and adds support for running the myproxy-server with a /CN=myproxy/fqhn credential. v0.5.1 12 Feb 2003 (GPT package version 1.3) This release fixes a bug where the X509_USER_CERT and X509_USER_KEY environment variables would confuse myproxy-init. v0.5.0 15 Nov 2002 (GPT package version 1.2) This is the first version for Globus Toolkit 2.2. It adds support for storing multiple credentials per username, stores private keys encrypted with the credential's passphrase (if set), and adds the myproxy-change-pass-phrase command. It is also the first version to be released unter the NCSA Open Source license. Note that due to version incompatibilities with Globus Toolkit 2.2 libraries and the Java CoG (not specific to MyProxy), this and future versions of MyProxy are not compatible with Java CoG versions before 1.0. v0.4.6 3 Sep 2002 (GPT package version 1.1) This version adds sample init.d and xinetd entries in the GPT package. v0.4.5 28 Aug 2002 (GPT package version 1.0) This is the first version packaged with GPT. In addition to changes for GPT compatibility, it contains minor changes to some MyProxy debug messages. v0.4.4 22 Mar 2002 This version adds the myproxy-info command. v0.4.3 6 Mar 2002 This version adds support for per-credential authorization. Users can specify retrieval/renewal policies for a credential on upload using myproxy-init. v0.4.2 4 Feb 2002 This version includes the GSI distinguished name matching logic that was removed in v0.4.0, so for example host/fqhn will now match fqhn again. It also adds support for restricting the TCP port ranges of the clients. v0.4.1 4 Dec 2001 This version adds support for Globus 2.0 and optionally using the distinguished name from the proxy certificate as the default myproxy username. v0.4.0 20 Nov 2001 This version adds support for anonymous X.509 client authentication, to allow users to retrieve a credential using their myproxy passphrase when they don't already have a credential. The myproxy server configuration file can enable or disable anonymous and certificate-based (from v0.3) authentication. v0.3 5 Oct 2001 This version adds support for certificate-based authentication in addition to passphrase based authentication, to enable credential renewal. It was developed by Daniel Kouril and Miroslav Ruda for the European DataGrid project. v0.2alpha3 11 Oct 2000 This version was used by many grid portals. v0.2alpha1 27 Sep 2000 v0.2 20 Sep 2000 v0.1b3 30 June 2000 v0.1b2 08 May 2000 v0.1b1 05 May 2000 v0.1 03 Apr 2000