Embed Size (px)
Citation preview
gLite authentication and authorization
Discipline: Grid Computing, 07/08-2Practical classesInês Dutra, DCC/FCUP
2
Certificates
INSPECTING PERSONAL CERTIFICATE
Look inside your certificate
grid-cert-info
Important information Creation and expiration date Name and subject of the CA Common Name (CN) of the certificate owner Certificate subject
3
Login Creation of a proxy with voms
extensions
This step is like doing a login on the grid.
voms-proxy-init --voms gilda
Attention: use the same pasword you used to retrieve your certificate
4
Checking the VOMS proxy
CHECK YOUR VOMS PROXY
To get info about your proxy
voms-proxy-info -all
It shows two different lifetimes: First is related to the proxy itself The second one is referred to the AC infos added by the
VOMS server.
Important: your proxy has lifetime of 12 hours
5
Proxy Register a long living proxy in the MyProxy
server (grid001.ct.infn.it)
Allows you to create and store a long term proxy certificate
myproxy-init --voms gilda
The –s option allows you to specify the name of the myproxy server you want to contact
myproxy-init --voms gilda –s grid001.ct.infn.it
6
Still myproxy-init
Register a long living proxy in the MyProxy server (grid001.ct.infn.it)
The –l option allows you to create and store a long term proxy with a name specified by the user
myproxy-init --voms gilda –s grid001.ct.infn.it –l GILDA_TUTOR
Each user can create and store several proxies in a myproxy server, but each remote proxy is linked to the specified username
7
Still myproxy
Gather information about the proxy in the MyProxy server
If in your UI there is no local proxy, it´s not possible to be authenticated in the myproxy server
In this case it is needed to get a delegate proxy from the MyProxy server or create a local proxy with
voms-proxy-init
8
Get a delegated proxy from the MyProxy server
It allows you to get a proxy from the myproxy server
Destroy the proxy in the local machine and verify it doesn´t exist anymore
voms-proxy-destroyvoms-proxy-info
couldn´t find a valid proxy
9
Still proxies
Get a delegated proxy from the MyProxy server
Now in your UI (virtual o real), there is no local proxy.
To get a proxy from the myproxy sever
myproxy-get-delegation –s grid001.ct.infn.it
10
Still proxies
Get a delegated proxy from the MyProxy server
With –d option
myproxy-get-delegation –s grid001.ct.infn.it –d
Verify now that the user has a local proxy
voms-proxy-info
11
Still proxies
Destroy remote proxy
You can destroy your remote proxy
myproxy-destroy –s grid001.ct.infn.it
Check your remote proxy
myproxy-info –s grid001.ct.infn.it
12
Still proxies
Destroy remote proxy
Destroy your remote proxy with -d
myproxy-destroy –s grid001.ct.infn.it -d
Check your remote proxy with -d
myproxy-info –s grid001.ct.infn.it -d
13
Still proxies
Destroy remote proxy
Destroy your remote proxy with -l
myproxy-destroy –s grid001.ct.infn.it –l GILDA_TUTOR
Check your remote proxy with -l
myproxy-info –s grid001.ct.infn.it –l GILDA_TUTOR
