MyProxy is open source software for managing X.509 Public Key Infrastructure (PKI) security credentials (certificates and private keys). MyProxy combines an online credential repository with an online certificate authority to allow users to securely obtain credentials when and where needed. Users run myproxy-logon to authenticate and obtain credentials, including trusted CA certificates and Certificate Revocation Lists (CRLs).
Storing credentials in a MyProxy repository allows users to easily obtain RFC 3820 proxy credentials, without worrying about managing private key and certificate files. They can use MyProxy to delegate credentials to services acting on their behalf (like a grid portal) by storing credentials in the MyProxy repository and sending the MyProxy passphrase to the service. They can also use MyProxy to renew their credentials, so, for example, long-running jobs don't fail because of expired credentials. A professionally managed MyProxy server can provide a more secure storage location for private keys than typical end-user systems. MyProxy can be configured to encrypt all private keys in the repository with user-chosen passphrases, with server-enforced policies for passphrase quality. By using a proxy credential delegation protocol, MyProxy allows users to obtain proxy credentials when needed without ever transferring private keys over the network.
For users who don't already have PKI credentials, the MyProxy Certificate Authority (CA) provides a convenient method for obtaining them. The MyProxy CA issues short-lived session credentials to authenticated users. The repository and CA functionality can be combined in one service or can be used separately.
MyProxy provides a set of flexible authentication and authorization mechanisms for controlling access to credentials. Server-wide policies allow the MyProxy administrator to control how credentials may be used. Per-credential policies provide additional controls for credential owners. MyProxy supports multiple authentication mechanisms, including passphrase, certificate, Kerberos, Pubcookie, VOMS, PAM, LDAP, SASL and One Time Passwords (OTP).
The NGS runs a central MyProxy service (myproxy.ngs.ac.uk), so many member sites will only need to install the client tools.
MyProxy server installation
Read the MyProxy server installation guide
VDT installation documentation
The NGS maintains a set of internal documentation detailing how to install VDT. By following these instructions, a site can quickly install and configure a wide range of Grid services that are needed in order to become a member, including GSI, GLUE, MDS, PreWS GRAM, GSI-SSH server and clients, MyProxy clients, VOMS clients and GridFTP.
NGS Site Level Services
For further information on the NGS software stack, please refer to the NGS Site Level Services reference document.