Home -> Toolkit -> Docs -> 2.4 -> Gsi

Grid Security Infrastructure (GSI) v2: Environment Variables

GLOBUS_LOCATION

The GSI libraries use GLOBUS_LOCATION as one place to look for the trusted certificates directory. The location $GLOBUS_LOCATION/share/certficates is used if X509_CERT_DIR is not set and /etc/grid-security and $HOME/.globus/certificates do not exist.

GRIDMAP

This environment variable can be used to override the default location of the grid-mapfile, which is normally /etc/grid-security/grid-mapfile.

X509_CERT_DIR

This environment variable can be used to override the default location of the trusted certificates directory, which is normally /etc/grid-security/certificates.

X509_USER_DELEG_PROXY

This environment variable is set by the GSI libraries to point at the location of credentials that it receives during delegation. Application servers usually then copy this value to X509_USER_PROXY and users generally never see it. Setting this value has no effect.

X509_RUN_AS_SERVER (Deprecated with GT2.2)

If this environment variable is set (to any value) it causes the GSI libraries not to look for a proxy credential unless X509_USER_PROXY is explicitly set. The intent is for this to be used with servers that should always use a given certificate and private key.

X509_USER_CERT

This environment variable can be used to override the default location of the certificate file. For users this is normally $HOME/.globus/usercert.pem. For servers this is normally /etc/grid-security/hostcert.pem.

X509_USER_KEY

This environment variable can be used to override the default location of the private key file. For users this is normally $HOME/.globus/userkey.pem. For servers this is normally /etc/grid-security/hostkey.pem.

X509_USER_PROXY

This environment variable can be used to override the default location of the user proxy credentials, which is normally /tmp/x509up_u<uid>. To stop the GSI libraries from looking for proxy credentials see X509_RUN_AS_SERVER.

X509_CERT_FILE (Deprecated with GT2.2)

This environment variable can be used to explicitly force the GSI libraries to use a given file containing trusted CA certificates. Use of this variable is discouraged due to lack of use and testing.