INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org GILDA Practicals : Security systems GILDA Tutors Singapore, 1st South East Asia Forum -- EGEE.

Slides:



Advertisements
Similar presentations
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Introduction to EGEE hands-on Gergely Sipos.
Advertisements

12th EELA Tutorial, Lima, FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America.
It’s not about security... it’s about access! Grid Security Pieter van Beek.
Riccardo Bruno, INFN.CT Sevilla, 10-14/09/2007 GENIUS Exercises.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE Tutorial Getting started with GILDA.
FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America Security on Grid: Emidio Giorgio INFN –
INFSO-RI Enabling Grids for E-sciencE Claudio Cherubino, INFN Catania Grid Tutorial for users Merida, April 2006 Authorization.
Summer School Certificates Diego Romano & Gilda Team.
GLite authentication and authorization Discipline: Grid Computing, 07/08-2 Practical classes Inês Dutra, DCC/FCUP.
Enabling Grids for E-sciencE Security on gLite middleware Matthieu Reichstadt CNRS/IN2P3 ACGRID School, Hanoi (Vietnam) November 5th, 2007.
INFSO-RI Enabling Grids for E-sciencE Practicals on VOMS and MyProxy Emidio Giorgio INFN Retreat between GILDA and ESR VO, Bratislava,
FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America Luciano Díaz ICN-UNAM Based on Domenico.
IST E-infrastructure shared between Europe and Latin America VOMS and MyProxy Server installation and configuration Pedro Henrique.
EGEE-II INFSO-RI Enabling Grids for E-sciencE Security in gLite Gergely Sipos and Peter Kacsuk MTA SZTAKI Grid Computing School.
INFSO-RI Enabling Grids for E-sciencE Security on Grid: Emidio Giorgio INFN – Catania Pisa, EGEE 4 th Conference Training Day, 23.
E-science grid facility for Europe and Latin America gLite Security Alfonso Pardo CETA-CIEMAT - Spain Dublin (Ireland), September.
E-science grid facility for Europe and Latin America E2GRIS1 Raúl Priego Martínez – CETA-CIEMAT (Spain)‏ Itacuruça (Brazil), 2-15 November.
FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America MyProxy server installation Emidio Giorgio.
INFSO-RI Enabling Grids for E-sciencE Installation and configuration of gLite Resource Broker Emidio Giorgio INFN EGEE-EMBRACE tutorial,
Exporting User Certificate from Internet Explorer.
INFSO-RI Enabling Grids for E-sciencE How to join GILDA Riccardo Bruno INFN gLite Tutorial at the First EGEE User Forum CERN,
E-infrastructure shared between Europe and Latin America Security Hands-on Christian Grunfeld, UNLP 8th EELA Tutorial, La Plata, 11/12-12/12,2006.
INFSO-RI Enabling Grids for E-sciencE VOMS architecture Valerio Venturi, Vincenzo Ciaschini INFN First gLite tutorial on GILDA,
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Introduction to GILDA and gaining access.
E-infrastructure shared between Europe and Latin America FP6−2004−Infrastructures−6-SSA Hands-on on security Pedro Rausch IF - UFRJ.
EGEE-III INFSO-RI Enabling Grids for E-sciencE Apr. 25, Grid Computing Hands On Training for Users Faculty of Sciences, University.
INFSO-RI Enabling Grids for E-sciencE Security in gLite Gergely Sipos MTA SZTAKI With thanks for some slides to.
E-NMR (RI ) is funded by the European Commission under the Research Infrastructure Programme Introduction to e-NMR hands-on e-NMR gLite.
EGEE-II INFSO-RI Enabling Grids for E-sciencE The GILDA training infrastructure.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks VOMS Vincenzo Ciaschini EGEE/OSG Workshop.
12th September 2007UK e-Science All Hands Meeting1 John Kewley Grid Technology Group e-Science Centre STFC Daresbury Laboratory GROWL.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Giuseppe La Rocca INFN – Catania
Hands-on security Angelines Alberto Morillas Ciemat.
EGEE is a project funded by the European Union under contract IST Grid proxy and MyProxy Roberto Barbera Univ. of Catania and INFN SEE-GRID.
4th EELA TUTORIAL - USERS AND SYSTEM ADMINISTRATORS E-infrastructure shared between Europe and Latin America Security Hands-on Vanessa.
FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America Practicals on Security Miguel Cárdenas Montes.
E-infrastructure shared between Europe and Latin America Security Hands-on Alexandre Duarte CERN Fifth EELA Tutorial Santiago, 06/09-07/09,2006.
EGEE-II INFSO-RI Enabling Grids for E-sciencE MyProxy - a brief introduction.
FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America Practicals on Security – Infosys -- WMS.
FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America Moisés Hernández Duarte UNAM FES Cuautitlán.
EGEE-II INFSO-RI Enabling Grids for E-sciencE Introduction to P-GRADE Portal hands-on Miklos Kozlovszky MTA SZTAKI
INFSO-RI Enabling Grids for E-sciencE - II SLCS, VASH, and LCAS/LCMAPS Plugins All-Hands Meeting Helsinki Placi Flury, SWITCH 19.
Further aspects of EGEE middleware components INFN, Catania EGEE is funded by the European Union under contract IST
INFSO-RI Enabling Grids for E-sciencE Authorisation and Authentication in gLite Mike Mineter National e-Science Centre, Edinburgh.
INFSO-RI Enabling Grids for E-sciencE VOMS & MyProxy interaction Emidio Giorgio INFN NA4 Generic Applications Meeting 10 January.
Enabling Grids for E-sciencE Sofia, 17 March 2009 INFSO-RI Introduction to Grid Computing, EGEE and Bulgarian Grid Initiatives –
Security on Grid: User Interface, Internals and APIs Simone Campana LCG Experiment Integration and Support CERN IT.
LCG2 Tutorial Viet Tran Institute of Informatics Slovakia.
INFSO-RI Enabling Grids for E-sciencE Security on Grid: Emidio Giorgio INFN – Catania Singapore, 1st South East Asia Forum -- EGEE.
INFSO-RI Enabling Grids for E-sciencE GILDA Praticals GILDA Tutors INFN Catania 4th EGEE Conference Pisa 23.October.2005.
Hands-on security Carlos Fuentes RedIRIS Madrid,26 – 30 de Octubre de 2008.
Hands on Security, Authentication and Authorization Virginia Martín-Rubio Pascual RedIRIS/Red.es Curso Grid y e-Ciencia.
EGI-InSPIRE RI Grid Training for Power Users EGI-InSPIRE N G I A E G I S Grid Training for Power Users Institute of Physics Belgrade.
Tutorial on "GRID Computing“ EMBnet Conference 2008 CNR - ITB Authenticated Grid access with robot certificates Giuseppe LA ROCCA INFN.
The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) 马兰馨 IHEP, CAS Hands on gLite Security.
1 Grid Security Jinny Chien Academia Sinica Computing Centre Deployment team.
Enabling Grids for E-sciencE gLite security pratical tutorial Dario Russo INFN Catania Catania,
INFSO-RI Enabling Grids for E-sciencE Authorisation and Authentication Dr. Mike Mineter National e-Science Centre, Edinburgh / UK.
INFSO-RI Enabling Grids for E-sciencE GILDA t-Infrastructure Antonio Fuentes Bermejo
Security, Authentication and Authorization Virginia Martín-Rubio Pascual RedIRIS/Red.es Curso Grid y e-Ciencia 2010, Valencia.
EGEE-II INFSO-RI Enabling Grids for E-sciencE Authentication, Authorisation and Security Emidio Giorgio INFN Catania.
EGEE is a project funded by the European Union under contract IST Job Submission Giuseppe La Rocca EGEE NA4 Generic Applications INFN Catania.
EGEE is a project funded by the European Union under contract IST Grid proxy and MyProxy Giuseppe La Rocca EGEE NA4 Generic Applications GENIUS/GILDA.
(Exchange Programme to advance e-Infrastructure Know-How) The EPIKH Project Hailong Yang
MyProxy Server Installation
Practicals on VOMS and MyProxy
gLite 1.4. Data Mangement Exercises
Certificates Usage and Simple Job Submission
Certificates Usage and Simple Job Submission
Certificates Usage and Simple Job Submission
Presentation transcript:

INFSO-RI Enabling Grids for E-sciencE GILDA Practicals : Security systems GILDA Tutors Singapore, 1st South East Asia Forum -- EGEE tutorial 9-10 February 2006

Enabling Grids for E-sciencE INFSO-RI Singapore, 1st South East Asia Forum -- EGEE tutorial 9-10 February Access to the User Interface Login where XX=01,..25 Passwd : GridSINXX XX=01,..,25 PEM PASSPHRASE : SINGAPORE

INFSO-RI Enabling Grids for E-sciencE Practicals on VOMS and MyProxy Emidio Giorgio INFN Singapore, 1st South East Asia Forum -- EGEE tutorial 9-10 February 2006

Enabling Grids for E-sciencE INFSO-RI Singapore, 1st South East Asia Forum -- EGEE tutorial 9-10 February Outline VOMS proxy usage MyProxy Usage

Enabling Grids for E-sciencE INFSO-RI Singapore, 1st South East Asia Forum -- EGEE tutorial 9-10 February Preliminary :.globus directory.globus directory contains your personal public / private keys Pay attention to permissions – userkey.pem contains your private key, and must be readable just by yourself (400) – usercert.pem contains your public key, which should be readable also from outside (644) [ glite-tutor ] /home/giorgio > ls -l.globus total 8 -rw-r--r-- 1 giorgio users 1613 Oct 4 19:30 usercert.pem -r giorgio users 1914 Oct 4 19:30 userkey.pem

Enabling Grids for E-sciencE INFSO-RI Singapore, 1st South East Asia Forum -- EGEE tutorial 9-10 February voms-proxy-init : options Main options -voms  command syntax is :/ /group for group specify (default none)  command syntax is :/ /Role= for Role choice (default none) -valid x:y, create a proxy valid for x hours and y minutes -vomslife x, create a proxy with AC valid for x hours (max 24 h) -cert Non-standard location of user certificate -key Non-standard location of user key -out Non-standard location of new proxy cert -userconf Non-standard location for user-defined voms server addresses Default location for voms server address file is /opt/glite/etc/vomses or $HOME/.glite/vomses. Syntax : “vo-nickname" “voms server FQDN" “port“ “voms server \ certificate subject" “vo name“ Parameters for vomses are usually provided by VOs manager voms-proxy-init –-voms gilda:/gilda/Role=VO-Admin voms-proxy-init --voms gilda:/gilda/generic-users

Enabling Grids for E-sciencE INFSO-RI Singapore, 1st South East Asia Forum -- EGEE tutorial 9-10 February Verify your credentials Exercise 1 : create a voms proxy requesting your group membership (all of you belong to generic-users group); then verify obtained credentials with voms-proxy-info –Main options : -all prints all proxy options -file specifies a different location of proxy file

Enabling Grids for E-sciencE INFSO-RI Singapore, 1st South East Asia Forum -- EGEE tutorial 9-10 February VOMS proxy info /home/giorgio > voms-proxy-info -all subject : /C=IT/O=GILDA/OU=Personal Certificate/L=INFN/CN=Emidio issuer : /C=IT/O=GILDA/OU=Personal Certificate/L=INFN/CN=Emidio identity : /C=IT/O=GILDA/OU=Personal Certificate/L=INFN/CN=Emidio type : proxy strength : 512 bits path : /tmp/x509up_u513 timeleft : 11:59:52 === VO gilda extension information === VO : gilda subject : /C=IT/O=GILDA/OU=Personal Certificate/L=INFN/CN=Emidio issuer : /C=IT/O=GILDA/OU=Host/L=INFN attribute : /gilda/tutors/Role=NULL/Capability=NULL attribute : /gilda/Role=NULL/Capability=NULL timeleft : 11:59:45 Standard globus attributes Voms extensions

Enabling Grids for E-sciencE INFSO-RI Singapore, 1st South East Asia Forum -- EGEE tutorial 9-10 February Long term proxy : MyProxy myproxy server: –myproxy-init  Allows to create and store a long term proxy certificate: –myproxy-info  Get information about stored long living proxy –myproxy-get-delegation  Get a new proxy from the MyProxy server –myproxy-destroy –Check out them with myproxy-xxx --help option A dedicated service on the RB can renew automatically the proxy –contacting the myproxy server

Enabling Grids for E-sciencE INFSO-RI Singapore, 1st South East Asia Forum -- EGEE tutorial 9-10 February myproxy-init myproxy-init -s grid001.ct.infn.it Your identity: /C=IT/O=GILDA/OU=Personal Certificate/L=INFN/CN=Emidio Enter GRID pass phrase for this identity: Creating proxy Done Proxy Verify OK Your proxy is valid until: Sun Jun 19 21:18: Enter MyProxy pass phrase: Verifying password - Enter MyProxy pass phrase: A proxy valid for 168 hours (7.0 days) for user giorgio now exists on grid001.ct.infn.it. Principal options -c hours specifies lifetime of stored credentials -t hours specifies the maximum lifetime of credentials when retrieved -s specifies the myproxy server where to store credentials -d stores credential with the distinguished name in proxy, instead of user name (mandatory for some data management services and proxy renewal) For proxy renewal it’s also mandatory –n (no passphrase). You’ve to specify also subject of principals that can renew a delegation (-R subject, or -A for any principal)

Enabling Grids for E-sciencE INFSO-RI Singapore, 1st South East Asia Forum -- EGEE tutorial 9-10 February myproxy-info Useful to retrieve info on stored credentials Need local credentials to be performed If credentials have been initialized with –d switch, you have also to specify it there myproxy-info -s grid001.ct.infn.it username: giorgio owner: /C=IT/O=GILDA/OU=Personal Certificate/L=INFN/CN=Emidio timeleft: 167:55:34 (7.0 days)

Enabling Grids for E-sciencE INFSO-RI Singapore, 1st South East Asia Forum -- EGEE tutorial 9-10 February myproxy-get-delegation This command is used to retrieve a delegation from a long lived proxy stored on myproxy server It is independent by the machine ! You don’t need to have your certificate on board If credentials have been initialized with –d switch, you have to specify it also in myproxy-get-delegation request myproxy-get-delegation \ -s grid001.ct.infn.it Enter MyProxy pass phrase: A proxy has been received for user giorgio in /tmp/x509up_u513

Enabling Grids for E-sciencE INFSO-RI Singapore, 1st South East Asia Forum -- EGEE tutorial 9-10 February myproxy-destroy Delete, if existing, the long lived credentials on the specified myproxy server [glite-tutor] /home/giorgio > myproxy-destroy \ -s grid001.ct.infn.it Default MyProxy credential for user giorgio was successfully removed.

Enabling Grids for E-sciencE INFSO-RI Singapore, 1st South East Asia Forum -- EGEE tutorial 9-10 February Exercise Exercise 2 –Create a myproxy on the server grid001.ct.infn.it –Visualize information on that –Create a myproxy with –d option –Which differences you note ? –Destroy both

Enabling Grids for E-sciencE INFSO-RI Singapore, 1st South East Asia Forum -- EGEE tutorial 9-10 February Storing long lived voms proxies myproxy doesn’t support natively VOMS To allow storing of voms ext., myproxy client has been modified, The faculty of choosing VO and group/roles has been added, while the previous options have all been kept Proxies then retrieved with myproxy-get-delegation will have the requested voms extension but… There’s a limitation, due to voms extensions lifetime: tipically it’s limited, and it’s not renewed when performing myproxy-get-delegation Studying solutions to extend voms extension renew in get-delegation The “modified” client is available only on GILDA UI’s Will be largely deployed when the above issues will be solved myproxy-init --voms gilda

Enabling Grids for E-sciencE INFSO-RI Singapore, 1st South East Asia Forum -- EGEE tutorial 9-10 February voms extension on a delegated proxy [ui-test] /home/giorgio > myproxy-get-delegation -s grid001.ct.infn.it Enter MyProxy pass phrase: A proxy has been received for user giorgio in /tmp/x509up_u500 [ui-test] /home/giorgio > voms-proxy-info -all subject : /C=IT/O=GILDA/OU=Personal Certificate/L=INFN/CN=Emidio y issuer : /C=IT/O=GILDA/OU=Personal Certificate/L=INFN/CN=Emidio identity : /C=IT/O=GILDA/OU=Personal Certificate/L=INFN/CN=Emidio type : unknown strength : 512 bits path : /tmp/x509up_u500 timeleft : 12:00:09 === VO gilda extension information === VO : gilda subject : /C=IT/O=GILDA/OU=Personal Certificate/L=INFN/CN=Emidio issuer : /C=IT/O=GILDA/OU=Host/L=INFN attribute : /gilda/Role=NULL/Capability=NULL attribute : /gilda/tutors/Role=NULL/Capability=NULL timeleft : 23:59:57 Voms extension lifetime

Enabling Grids for E-sciencE INFSO-RI Singapore, 1st South East Asia Forum -- EGEE tutorial 9-10 February Questions…

Enabling Grids for E-sciencE INFSO-RI Singapore, 1st South East Asia Forum -- EGEE tutorial 9-10 February THE END

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.