1 / 10

Grid Access Toolkit for MS Windows

This toolkit aims to streamline access to Grid facilities and provide a single sign-on solution for MS Windows users. It focuses on the gLite model and integrates with the standard Windows environment, with support for smart cards and GSI-enabled SSH and SCP clients. The toolkit addresses obstacles such as proxy management, lack of a real SSO mechanism, and GUI availability.

dunaganm
Télécharger la présentation

Grid Access Toolkit for MS Windows

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Grid Access Toolkit forMS Windows Daniel Kouřil CESNET, kouril@ics.muni.cz MWSG meeting, Jun 12-13 2007

  2. Motivation • Ease access to Grid facilities and provide a SSO solution • Not aiming at a complex desktop grid solution • Focusing on the gLite model • UI machines accessed using SSH • A simple package that can be easily installed • Smart card support • Intergration with standard Windows environment • don‘t care about Unix or MacOS users at the moment • (Kerberos interoperability)

  3. Main obstacles identified • Proxy management • Lack of real SSO solution • either cumbersome or even unsecure • GUI not available • CA root certificates management • CRL updates

  4. Goals • GUI to proxy certificates management • with VOMS support • GSI enabled ssh and scp clients • Use as much as possible standard tools • Real SSO mechanism • users explicitely log in to the grid from their desktop just once a day

  5. Current status • Command-line commands to generate proxy certificates • A beta version of GUI to maintain proxies • create/destroy proxy certificates • support for smart cards and MS Windows CertStore • GSI enabled PuTTY and WinSCP • authentication using GSI • credential delegation

  6. GUI

  7. PuTTY & WinSCP

  8. Components • Globus • GSSAPI libraries ported to Win32 • patch not comunicated yet • VOMS • client part ported to Win32 • voms-proxy-init, voms-proxy-info commands available for Win32 • patch being discussed with Vincenzo • re-actived support for PKCS11 • added support for MS CertStore • no need to store certificates in files

  9. Components • Network Identity Manager • a modular framework to maintain credentials • developed by the Kerberos community • plugins for Kerberos5, Kerberos4, AFS, kCA • open source solution (MIT license) • Plugin for NetIdMgr to maintain proxy certificates • based on VOMS libraries • currently tied with Kerberos identity • PuTTy and WinSCP • a third-party patch neccessary for GSSAPI support • originaly meant for Kerberos works with Globus as well

  10. Resources • http://egee.cesnet.cz/mediawiki/index.php/VOMS_on_MS_Windows • contains a zip archive with the voms tools and ssh clients • http://egee.cesnet.cz/mediawiki/index.php/Proxy_Management_Using_the_Network_Identity_Provider • under development

More Related