GT 6.0 GSI C Release Notes

Note	The Grid Community Toolkit documentation was taken from the Globus Toolkit 6.0 documentation. As a result, there may be inaccuracies and outdated information. Please report any problems to the Grid Community Forums as GitHub issues.

GCT → GSI C → GT 6.0 GSI C Release Notes

Component Overview

The Grid Community Toolkit GSI C component provides APIs and tools for authentication, authorization and certificate management. The authentication API is built using Public Key Infrastructure (PKI) technologies, e.g. X.509 Certificates and TLS. In addition to authentication it features a delegation mechanism based upon X.509 Proxy Certificates. Authorization support takes the form of a couple of APIs. The first provides a generic authorization API that allows callouts to perform access control based on the client’s credentials (i.e. the X.509 certificate chain). The second provides a simple access control list that maps authorized remote entities to local (system) user names. The second mechanism also provides callouts that allow third parties to override the default behavior and is currently used in the Gatekeeper and GridFTP servers. In addition to the above there are various lower level APIs and tools for managing, discovering and querying certificates.

Feature summary

Features new in GT 6.0

None.

Other Supported Features

Uses internet-standard GSSAPI for security operations.
Supports certificate-based authentication, using both standard X.509 End Entity and Proxy Certificates.
Supports delegation of user rights to services using standard X.509 Proxy Certificates.
Supports authorization based on client certificate chains, including support for X.509v3 certificate extensions.
Provides tools for managing certificates, proxies, trust roots, and credential identity mapping tables.

Deprecated Features

None

Summary of Changes in GSIC

New Features: GSIC

globus-gssapi-gsi-11.16: Add new configuration options

Improvements: GSIC

More test cases

Fixed Bugs for GSIC

None

Known Problems in GSIC

GT-106: Free requirement for cred_get_subject_name not in API docs

Technology dependencies

The GSI C component depends on the following GCT components:

C Common Libraries

The GSI C component depends on the following 3rd party software:

OpenSSL

Tested platforms

GSI C has been tested on the following platforms:

Table 1. Tested Platforms
Operating System	Distribution	Version(s)	Architecture(s)
Linux	CentOS	5, 6	i386, x86_64
	CentOS	7	x86_64
	Fedora	20, 21, 22	i386, x86_64
	Red Hat Enterprise Linux	5, 6	i386, x86_64
	Red Hat Enterprise Linux	7	x86_64
	Scientific Linux	5, 6	i386, x86_64
	Scientific Linux	7	x86_64
	SUSE Linux Enterprise Server	11SP3	x86_64
	Debian	6, 7, 8	i386, amd64
	Ubuntu	12.04LTS, 14.04LTS, 14.10, 15.04	i386, amd64
Mac OS X		10.6-10.10	i386, x86_64
Solaris	OmniOS	r151006	x86_64
Windows 7	Cygwin		i386, x86_64
Windows 7	MingW64		i386, x86_64

Backward compatibility summary

Protocol changes in GSI C since GT 5.2

None

API changes since GT 5.2

None

Exception changes since GT 5.2

Not applicable

Schema changes since GT 5.2

Not applicable

Associated Standards

Associated standards for GSI C:

RFC 3820 Proxy Certificates
RFC 2744 GSSAPI: C-bindings
RFC 2743 GSSAPI
GFD 24 GSSAPI Extensions
RFC 2246 TLS

For More Information

See GSI C for more information about this component.