Hands-on security Angelines Alberto Morillas Ciemat.


How to access the UI

SERVER: glite-tutor.ct.infn.it glite-tutor2.ct.infn.it
USERNAME: sevillaXX
PASSWORD: GridSEVXX
PASSPHRASE: SEVILLA
where XX = 01…30

Authentication and Authorization INSPECTING PERSONAL CERTIFICATE .globus: your personal certificate, two separate files (public and private keys)  You need them for the authenticated connections with all the other elements.  Check the permissions (you won´t be able to create a proxy if they are wrong) ls –l.globus -rw-r--r--usercert.pem -r userkey.pem

Authentication and Authorization: inspecting your personal certificate

- Look inside your certificate:

    grid-cert-info

- Important information:
  - Creation and expiration date
  - Name and subject of the CA
  - Common Name (CN) of the certificate owner
  - Certificate subject

Authentication and Authorization: creation of a proxy with VOMS extensions

- This step is comparable to a login on the grid.

    voms-proxy-init --voms gilda

Authentication and Authorization: check your VOMS proxy

- To get information about your proxy:

    voms-proxy-info -all

- It shows two different lifetimes:
  - The first is the lifetime of the proxy itself.
  - The second is the lifetime of the AC information added by the VOMS server.
- Important: your proxy has a lifetime of 12 hours.
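Because the proxy and the VOMS AC expire independently, the usable time is the shorter of the two lifetimes. The following added example (not part of the original slides) extracts both from `voms-proxy-info -all` text and checks them against a threshold; the function names are hypothetical, the sample output is constructed, and the parser assumes `timeleft  : HH:MM:SS` lines with the AC section introduced by a `=== VO ... extension information ===` line.

```shell
#!/bin/sh
# Constructed sample of `voms-proxy-info -all` output (all values invented).
sample_proxy_info() {
cat <<'EOF'
subject   : /C=XX/O=Example/CN=Test User/CN=proxy
issuer    : /C=XX/O=Example/CN=Test User
type      : proxy
timeleft  : 11:59:53
=== VO gilda extension information ===
VO        : gilda
attribute : /gilda/Role=NULL/Capability=NULL
timeleft  : 02:00:00
EOF
}

# Read voms-proxy-info -all text on stdin, print "<proxy_seconds> <ac_seconds>".
proxy_lifetimes() {
    awk '
        /^=== VO .* extension information ===/ { in_ac = 1 }
        $1 == "timeleft" {
            split($3, t, ":")
            secs = t[1] * 3600 + t[2] * 60 + t[3]
            if (!in_ac) proxy = secs
            else if (ac == "" || secs < ac) ac = secs   # shortest AC wins
        }
        END { if (proxy == "" || ac == "") exit 1; print proxy, ac }
    '
}

# Return 0 if both lifetimes are at least $1 seconds, 1 if not, 2 if unparseable.
proxy_ok() {
    need=$1
    out=$(proxy_lifetimes) || return 2
    set -- $out
    left=$1
    [ "$2" -lt "$left" ] && left=$2
    if [ "$left" -lt "$need" ]; then
        echo "only ${left}s usable (proxy=${1}s, AC=${2}s)" >&2
        return 1
    fi
    return 0
}
```

On a UI with a real proxy, `voms-proxy-info -all | proxy_ok 3600` tells you whether at least one hour remains before submitting long jobs.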

MyProxyUse Register a long living proxy in the MyProxy server (grid001.ct.infn.it)  Allows you to create and store a long term proxy certificate myproxy-init --voms gilda  The –s option allows you to specify the name of the myproxy server you want to contact myproxy-init --voms gilda –s grid001.ct.infn.it

MyProxyUse Register a long living proxy in the MyProxy server (grid001.ct.infn.it)  The –d option allows you to create and store a long term proxy with your DN. myproxy-init --voms gilda –s grid001.ct.infn.it -d  Without this option, the name of the stored proxy is the same of the user in the local machine

MyProxyUse Register a long living proxy in the MyProxy server (grid001.ct.infn.it)  The –l option allows you to create and store a long term proxy with a name specified by the user myproxy-init --voms gilda –s grid001.ct.infn.it –l GILDA_TUTOR  Each user can create and store several proxies in a myproxy server, but each remote proxy is linked to the specified username

MyProxyUse Gather information about the proxy in the MyProxy server  You can get info on myproxy server about your proxy myproxy-info –s grid001.ct.infn.it  If the credentials have been initialized with the –d switch, you also have to specify it when using myproxy-info myproxy-info –s grid001.ct.infn.it -d

MyProxyUse Gather information about the proxy in the MyProxy server  If the credentials have been initialized with the –l switch, you also have to specify it when using myproxy-info myproxy-info –s grid001.ct.infn.it –l GILDA_TUTOR  Note the differences in the usename of each proxy

MyProxyUse Gather information about the proxy in the MyProxy server  I f in your UI there is no local proxy, it´s not possible to be authenticated in the myproxy server  In this case is needed to get a delegate proxy form the MyProxy sever or create a local proxy with voms-proxy-init

MyProxyUse Get a delegated proxy from the MyProxy server  It allow you to get a proxy from the myproxy server  Destroy the proxy in the local machine and verify it doesn-t exist anymore voms-proxy-destroy voms-proxy-info couldn´t find a valid proxy

MyProxyUse Get a delegated proxy from the MyProxy server  Now in your UI (virtual o real), there is no local proxy.  To get a proxy from the myproxy sever myproxy-get-delegation –s grid001.ct.infn.it

MyProxyUse Get a delegated proxy from the MyProxy server  With –d option myproxy-get-delegation –s grid001.ct.infn.it –d  Verify now that the user has a local proxy voms-proxy-info

MyProxyUse Destroy remote proxy  You can destroy your remote proxy myproxy-destroy –s grid001.ct.infn.it  Check your remote proxy myproxy-info –s grid001.ct.infn.it

MyProxyUse Destroy remote proxy  Destroy your remote proxy with -d myproxy-destroy –s grid001.ct.infn.it -d  Check your remote proxy with -d myproxy-info –s grid001.ct.infn.it -d

MyProxyUse Destroy remote proxy  Destroy your remote proxy with -l myproxy-destroy –s grid001.ct.infn.it –l GILDA_TUTOR  Check your remote proxy with -L myproxy-info –s grid001.ct.infn.it –l GILDA_TUTOR