1 / 13

gLite authentication and authorization

gLite authentication and authorization. Discipline: Grid Computing, 07/08-2 Practical classes Inês Dutra, DCC/FCUP. Certificates. INSPECTING PERSONAL CERTIFICATE Look inside your certificate grid-cert-info Important information Creation and expiration date Name and subject of the CA

katy
Télécharger la présentation

gLite authentication and authorization

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. gLite authentication and authorization Discipline: Grid Computing, 07/08-2 Practical classes Inês Dutra, DCC/FCUP

  2. Certificates • INSPECTING PERSONAL CERTIFICATE • Look inside your certificate grid-cert-info • Important information • Creation and expiration date • Name and subject of the CA • Common Name (CN) of the certificate owner • Certificate subject

  3. Login • Creation of a proxy with voms extensions • This step is like doing a login on the grid. voms-proxy-init --voms gilda Attention: use the same pasword you used to retrieve your certificate

  4. Checking the VOMS proxy • CHECK YOUR VOMS PROXY • To get info about your proxy voms-proxy-info -all • It shows two different lifetimes: • First is related to the proxy itself • The second one is referred to the AC infos added by the VOMS server. • Important: your proxy has lifetime of 12 hours

  5. Proxy • Register a long living proxy in the MyProxy server (grid001.ct.infn.it) • Allows you to create and store a long term proxy certificate myproxy-init --voms gilda • The –s option allows you to specify the name of the myproxy server you want to contact myproxy-init --voms gilda –s grid001.ct.infn.it

  6. Still myproxy-init • Register a long living proxy in the MyProxy server (grid001.ct.infn.it) • The –l option allows you to create and store a long term proxy with a name specified by the user myproxy-init --voms gilda –s grid001.ct.infn.it –l GILDA_TUTOR • Each user can create and store several proxies in a myproxy server, but each remote proxy is linked to the specified username

  7. Still myproxy • Gather information about the proxy in the MyProxy server • If in your UI there is no local proxy, it´s not possible to be authenticated in the myproxy server • In this case it is needed to get a delegate proxy from the MyProxy server or create a local proxy with voms-proxy-init

  8. Get a delegated proxy from the MyProxy server • It allows you to get a proxy from the myproxy server • Destroy the proxy in the local machine and verify it doesn´t exist anymore voms-proxy-destroy voms-proxy-info couldn´t find a valid proxy

  9. Still proxies • Get a delegated proxy from the MyProxy server • Now in your UI (virtual o real), there is no local proxy. • To get a proxy from the myproxy sever myproxy-get-delegation –s grid001.ct.infn.it

  10. Still proxies • Get a delegated proxy from the MyProxy server • With –d option myproxy-get-delegation –s grid001.ct.infn.it –d • Verify now that the user has a local proxy voms-proxy-info

  11. Still proxies • Destroy remote proxy • You can destroy your remote proxy myproxy-destroy –s grid001.ct.infn.it • Check your remote proxy myproxy-info –s grid001.ct.infn.it

  12. Still proxies • Destroy remote proxy • Destroy your remote proxy with -d myproxy-destroy –s grid001.ct.infn.it -d • Check your remote proxy with -d myproxy-info –s grid001.ct.infn.it -d

  13. Still proxies • Destroy remote proxy • Destroy your remote proxy with -l myproxy-destroy –s grid001.ct.infn.it –l GILDA_TUTOR • Check your remote proxy with -l myproxy-info –s grid001.ct.infn.it –l GILDA_TUTOR

More Related