GT 3.9.4 Development Release Notes for Pre-WS Authentication & Authorization

Component Overview

The Globus Toolkit Pre-Web Services Authentication and Authorization component authenticates users and services using X.509 End Entity certificates and supports delegation using X.509 Proxy Certificates. The authorization callouts make it possible to perform access control based on the client credentials (i.e. the X.509 certificate chain), customize gridmap lookup (currently available in the Gatekeeper and GridFTP servers), and perform fine-grained authorization in the GRAM Jobmanager.

Feature Summary

Features new in release 3.9.4

  • None

Other Supported Features

  • Authentication of users using standard X.509 End Entity and Proxy Certificates
  • Delegation using X.509 Proxy Certificates
  • Allow authorization based on client certificate chain for GridFTPD and Pre-WS GRAM
  • Allow authorization for Pre-WS GRAM based on RSL of job

Deprecated Features

  • None

Bug Fixes

  • 3.9.4

    • Bug 1927: authz linking problems on Mac OS X
    • Bug 2180: The most trivial bug report ever
    • Bug 2207: Missing security error 'timestampNotOk'
    • Bug 2357: grid-mapfile* commands ignoring env var GRIDMAP

  • 3.9.3

    • Bug 1217: gss_export_name() does not conform to RFC 2743 section 3.2
    • Bug 1334: request for more strict format checking in grid-mapfile-check-consistency
    • Bug 1740: Implicit module activation
    • Bug 1802: accept_sec_context doesn't set LIMITED_PROXY_FLAG for GSI_3_LIMITED_PROXY
    • Bug 1847: grid-cert-request with both /etc/grid-security and $GL/share/certificates
    • Bug 1854: grid-cert-info help message is missing a word

Known Problems

  • Bug 1239: grid grants access even though local account is locked
  • Bug 1753: bug 318 resolution opens door to spoofing?
  • Bug 2210: gsi driver out of memory
  • Bug 2476: 3.9.4 rc3 gaa_simple does not build with --static=1

Technology Dependencies

The Pre-WS Authentication and Authorization component depends on the following GT components:

  • C Common Libraries

The Pre-WS Authentication and Authorization component depends on the following 3rd party software:

  • OpenSSL

Tested Platforms

Tested platforms for Pre-WS Authentication & Authorization:

  • i386 Linux

Backward Compatibility Summary

Protocol changes in Pre-WS Authentication and Authorization since GT version 3.2

  • None

API changes since GT version 3.2

  • None

Exception changes since GT version 3.2

  • Not applicable

Schema changes since GT version 3.2

  • Not applicable
