GLite authentication and authorization Discipline: Grid Computing, 07/08-2 Practical classes Inês Dutra, DCC/FCUP.

Slides:

Advertisements

Similar presentations

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks MyProxy and EGEE Ludek Matyska and Daniel.

Advertisements

12th EELA Tutorial, Lima, FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America.

Riccardo Bruno, INFN.CT Sevilla, 10-14/09/2007 GENIUS Exercises.

The Gilda User Interface Discipline: Grid Computing, 07/08-2 Practical classes Inês Dutra, DCC/FCUP.

Enabling Grids for E-sciencE Security on gLite middleware Matthieu Reichstadt CNRS/IN2P3 ACGRID School, Hanoi (Vietnam) November 5th, 2007.

INFSO-RI Enabling Grids for E-sciencE Practicals on VOMS and MyProxy Emidio Giorgio INFN Retreat between GILDA and ESR VO, Bratislava,

Riccardo Bruno INFN.CT Sevilla, Sep 2007 The GENIUS Grid portal.

FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America Luciano Díaz ICN-UNAM Based on Domenico.

IST E-infrastructure shared between Europe and Latin America VOMS and MyProxy Server installation and configuration Pedro Henrique.

E-science grid facility for Europe and Latin America gLite Security Alfonso Pardo CETA-CIEMAT - Spain Dublin (Ireland), September.

E-science grid facility for Europe and Latin America E2GRIS1 Raúl Priego Martínez – CETA-CIEMAT (Spain)‏ Itacuruça (Brazil), 2-15 November.

FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America MyProxy server installation Emidio Giorgio.

Induction: Additional features of GENIUS 18 May Some additional features of GENIUS EGEE is funded by the European Union under contract IST

E-infrastructure shared between Europe and Latin America Security Hands-on Christian Grunfeld, UNLP 8th EELA Tutorial, La Plata, 11/12-12/12,2006.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Introduction to GILDA and gaining access.

INFSO-RI Enabling Grids for E-sciencE GILDA Practicals : Security systems GILDA Tutors Singapore, 1st South East Asia Forum -- EGEE.

E-infrastructure shared between Europe and Latin America FP6−2004−Infrastructures−6-SSA Hands-on on security Pedro Rausch IF - UFRJ.

EGEE-III INFSO-RI Enabling Grids for E-sciencE Apr. 25, Grid Computing Hands On Training for Users Faculty of Sciences, University.

Condor-G A Quick Introduction Alan De Smet Condor Project University of Wisconsin - Madison.

INFSO-RI Enabling Grids for E-sciencE Security in gLite Gergely Sipos MTA SZTAKI With thanks for some slides to.

Part 9: MyProxy Pragmatics This presentation and lab ends the GRIDS Center agenda Q: When do we convene again tomorrow?

EGEE-II INFSO-RI Enabling Grids for E-sciencE The GILDA training infrastructure.

The MyProxy Online Credential Repository Jim Basney NCSA

Hands-on security Angelines Alberto Morillas Ciemat.

EGEE is a project funded by the European Union under contract IST Grid proxy and MyProxy Roberto Barbera Univ. of Catania and INFN SEE-GRID.

Shibboleth & Grid Integration STFC and University of Oxford (and University of Manchester)

4th EELA TUTORIAL - USERS AND SYSTEM ADMINISTRATORS E-infrastructure shared between Europe and Latin America Security Hands-on Vanessa.

FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America Practicals on Security Miguel Cárdenas Montes.

E-infrastructure shared between Europe and Latin America Security Hands-on Alexandre Duarte CERN Fifth EELA Tutorial Santiago, 06/09-07/09,2006.

EGEE-II INFSO-RI Enabling Grids for E-sciencE MyProxy - a brief introduction.

FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America Moisés Hernández Duarte UNAM FES Cuautitlán.

INFSO-RI Enabling Grids for E-sciencE Authorisation and Authentication in gLite Mike Mineter National e-Science Centre, Edinburgh.

Further aspects of EGEE middleware components INFN, Catania EGEE is funded by the European Union under contract IST

INFSO-RI Enabling Grids for E-sciencE VOMS & MyProxy interaction Emidio Giorgio INFN NA4 Generic Applications Meeting 10 January.

Enabling Grids for E-sciencE Sofia, 17 March 2009 INFSO-RI Introduction to Grid Computing, EGEE and Bulgarian Grid Initiatives –

Security on Grid: User Interface, Internals and APIs Simone Campana LCG Experiment Integration and Support CERN IT.

LCG2 Tutorial Viet Tran Institute of Informatics Slovakia.

Security in WLCG/EGEE. Security – January Requirements Providers of resources (computers, storages, databases, services..) need risks to.

Authentication Services Grid Security concepts and tools Valeria Ardizzone Istituto Nazionale di Fisica Nucleare Sezione.

Hands-on security Carlos Fuentes RedIRIS Madrid,26 – 30 de Octubre de 2008.

Hands on Security, Authentication and Authorization Virginia Martín-Rubio Pascual RedIRIS/Red.es Curso Grid y e-Ciencia.

EGI-InSPIRE RI Grid Training for Power Users EGI-InSPIRE N G I A E G I S Grid Training for Power Users Institute of Physics Belgrade.

The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) 马兰馨 IHEP, CAS Hands on gLite Security.

1 Grid Security Jinny Chien Academia Sinica Computing Centre Deployment team.

1 Grid Security Alessandro Paolini INFN-CNAF IV Scuola della GRID per utenti.

Enabling Grids for E-sciencE gLite security pratical tutorial Dario Russo INFN Catania Catania,

INFSO-RI Enabling Grids for E-sciencE Authorisation and Authentication Dr. Mike Mineter National e-Science Centre, Edinburgh / UK.

Security, Authentication and Authorization Virginia Martín-Rubio Pascual RedIRIS/Red.es Curso Grid y e-Ciencia 2010, Valencia.

Academia Sinica Grid Computing Certification Authority F2F interview (Malaysia )

The NGS Portal Guy Warner NeSC Training.

Authentication Services Grid security concepts and tools D. Cesini (INFN-CNAF), V.Ciaschini (INFN-CNAF), A.Paolini (INFN-CNAF) INFN Grid School, CNAF,

Antonio Fuentes RedIRIS Barcelona, 15 Abril 2008 The GENIUS Grid portal.

EGEE is a project funded by the European Union under contract IST Job Submission Giuseppe La Rocca EGEE NA4 Generic Applications INFN Catania.

User Interface (UI) Installation Bandung ITB Desember 2009.

EGEE is a project funded by the European Union under contract IST Grid proxy and MyProxy Giuseppe La Rocca EGEE NA4 Generic Applications GENIUS/GILDA.

(Exchange Programme to advance e-Infrastructure Know-How) The EPIKH Project Hailong Yang

Authentication, Authorisation and Security

MyProxy Server Installation

Practicals on VOMS and MyProxy

gLite 1.4. Data Mangement Exercises

Grid Security Jinny Chien Academia Sinica Grid Computing.

Update on EDG Security (VOMS)

Long term job submission and monitoring uing grid services

Grid Security M. Jouvin / C. Loomis (LAL-Orsay)

Certificates Usage and Simple Job Submission

Certificates Usage and Simple Job Submission

The GENIUS Security Services

Certificates Usage and Simple Job Submission

GENIUS Grid portal Hands on

a middleware implementation

Presentation transcript:

gLite authentication and authorization Discipline: Grid Computing, 07/08-2 Practical classes Inês Dutra, DCC/FCUP

2 Certificates INSPECTING PERSONAL CERTIFICATE  Look inside your certificate grid-cert-info  Important information Creation and expiration date Name and subject of the CA Common Name (CN) of the certificate owner Certificate subject

3 Login Creation of a proxy with voms extensions  This step is like doing a login on the grid. voms-proxy-init --voms gilda Attention: use the same pasword you used to retrieve your certificate

4 Checking the VOMS proxy CHECK YOUR VOMS PROXY  To get info about your proxy voms-proxy-info -all  It shows two different lifetimes: First is related to the proxy itself The second one is referred to the AC infos added by the VOMS server.  Important: your proxy has lifetime of 12 hours

5 Proxy Register a long living proxy in the MyProxy server (grid001.ct.infn.it)  Allows you to create and store a long term proxy certificate myproxy-init --voms gilda  The –s option allows you to specify the name of the myproxy server you want to contact myproxy-init --voms gilda –s grid001.ct.infn.it

6 Still myproxy-init Register a long living proxy in the MyProxy server (grid001.ct.infn.it)  The –l option allows you to create and store a long term proxy with a name specified by the user myproxy-init --voms gilda –s grid001.ct.infn.it –l GILDA_TUTOR  Each user can create and store several proxies in a myproxy server, but each remote proxy is linked to the specified username

7 Still myproxy Gather information about the proxy in the MyProxy server  I f in your UI there is no local proxy, it´s not possible to be authenticated in the myproxy server  In this case it is needed to get a delegate proxy from the MyProxy server or create a local proxy with voms-proxy-init

8 Get a delegated proxy from the MyProxy server  It allows you to get a proxy from the myproxy server  Destroy the proxy in the local machine and verify it doesn´t exist anymore voms-proxy-destroy voms-proxy-info couldn´t find a valid proxy

9 Still proxies Get a delegated proxy from the MyProxy server  Now in your UI (virtual o real), there is no local proxy.  To get a proxy from the myproxy sever myproxy-get-delegation –s grid001.ct.infn.it

10 Still proxies Get a delegated proxy from the MyProxy server  With –d option myproxy-get-delegation –s grid001.ct.infn.it –d  Verify now that the user has a local proxy voms-proxy-info

11 Still proxies Destroy remote proxy  You can destroy your remote proxy myproxy-destroy –s grid001.ct.infn.it  Check your remote proxy myproxy-info –s grid001.ct.infn.it

12 Still proxies Destroy remote proxy  Destroy your remote proxy with -d myproxy-destroy –s grid001.ct.infn.it -d  Check your remote proxy with -d myproxy-info –s grid001.ct.infn.it -d

13 Still proxies Destroy remote proxy  Destroy your remote proxy with -l myproxy-destroy –s grid001.ct.infn.it –l GILDA_TUTOR  Check your remote proxy with -l myproxy-info –s grid001.ct.infn.it –l GILDA_TUTOR