Presentation is loading. Please wait.

Presentation is loading. Please wait.

The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) 马兰馨 IHEP, CAS Hands on gLite Security.

Published byTamsin Little Modified over 8 years ago

Similar presentations

Presentation on theme: "The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) 马兰馨 IHEP, CAS Hands on gLite Security."— Presentation transcript:

1 www.epikh.eu The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) 马兰馨 IHEP, CAS ma@ihep.ac.cn Hands on gLite Security

2 How to access the gilda user interface UI: gilda08.ihep.ac.cn username: tutorialXX xx=01,…,25 password: eschool 2 Access the gilda UI

3 VOMS proxy usage 3

4 .globus directory now contains your personal public / private keys [malanxin@gilda08 ~]$ ls –al.globus -rw-r--r-- 1 malanxin malanxin 1189 Aug 20 15:46 usercert.pem -r-------- 1 malanxin malanxin 1200 Aug 20 15:46 userkey.pem Pay attention to permissions – userkey.pem contains your private key, and must be readable just by yourself (400) – usercert.pem contains your public key, which should be readable also from outside (644) 4 Preliminary :.globus directory

5 Main options -voms  command syntax is :/ /group for group specify (default none)  command syntax is :/ /Role= for Role choice (default none) voms-proxy-init –voms gilda -valid x:y, create a proxy valid for x hours and y minutes -vomslife x, create a proxy with AC valid for x hours (max 24 h) -cert Non-standard location of user certificate -key Non-standard location of user key -out Non-standard location of new proxy cert -userconf Non-standard location for user-defined voms configuration file 5 voms-proxy-init : options

6 Exercise 1 : create a voms proxy voms-proxy-init –voms gilda then verify obtained credentials with voms-proxy-info -all voms-proxy-info –Main options : -all prints all proxy options -file specifies a different location of proxy file 6 Exercise1: Verify your credentials

7 [malanxin@gilda08 ~]$ voms-proxy-info -all subject : /C=IT/O=GILDA/OU=Personal Certificate/L=IHEP/CN=Lanxin Ma/CN=proxy issuer : /C=IT/O=GILDA/OU=Personal Certificate/L=IHEP/CN=Lanxin Ma identity : /C=IT/O=GILDA/OU=Personal Certificate/L=IHEP/CN=Lanxin Ma type : proxy strength : 1024 bits path : /tmp/x509up_u500 timeleft : 11:40:42 === VO gilda extension information === VO : gilda subject : /C=IT/O=GILDA/OU=Personal Certificate/L=IHEP/CN=Lanxin Ma issuer : /C=IT/O=INFN/OU=Host/L=Catania/CN=voms.ct.infn.it attribute : /gilda/Role=NULL/Capability=NULL attribute : /gilda/generic-users/Role=NULL/Capability=NULL timeleft : 11:40:42 uri : voms.ct.infn.it:15001 7 VOMS proxy info Standard globus attributes Voms extensions

8 myproxy server: –myproxy-init  Allows to create and store a long term proxy certificate: –myproxy-info  Get information about stored long living proxy –myproxy-get-delegation  Get a new proxy from the MyProxy server –myproxy-destroy –Check out them with myproxy-xxx --help option 8 Long term proxy : MyProxy

9 [malanxin@gilda08 ~]$ myproxy-init --voms gilda Enter GRID pass phrase: Your identity: /C=IT/O=GILDA/OU=Personal Certificate/L=IHEP/CN=Lanxin Ma Creating temporary proxy............................................. Done Contacting voms.ct.infn.it:15001 [/C=IT/O=INFN/OU=Host/L=Catania/CN=voms.ct.infn.it] "gilda" Done Creating proxy...................................... Done Your proxy is valid until Sun Sep 5 10:22:42 2010 verify OK Enter MyProxy pass phrase: Verifying - Enter MyProxy pass phrase: A proxy valid for 168 hours (7.0 days) for user malanxin now exists on myproxy.ct.infn.it. Principal options -c hours specifies lifetime of stored credentials -t hours specifies the maximum lifetime of credentials when retrieved -s specifies the myproxy server where to store credentials -d stores credential with the distinguished name in proxy, instead of user name (mandatory for some data management services and proxy renewal) For proxy renewal it’s also mandatory –n (no passphrase). You’ve to specify also subject of principals that can renew a delegation (-R subject, or -A for any principal) 9 myproxy-init

10 Useful to retrieve info on stored credentials Need local credentials to be performed If credentials have been initialized with –d switch, you have also to specify it there [malanxin@gilda08 ~]$ myproxy-info username: malanxin owner: /C=IT/O=GILDA/OU=Personal Certificate/L=IHEP/CN=Lanxin Ma timeleft: 167:59:49 (7.0 days) 10 myproxy-info

11 This command is used to retrieve a delegation from a long lived proxy stored on myproxy server It is independent by the machine ! You don’t need to have your certificate on board If credentials have been initialized with –d switch, you have to specify it also in myproxy-get-delegation request [malanxin@gilda08 ~]$ myproxy-get-delegation Enter MyProxy pass phrase: mlA credential has been received for user malanxin in /tmp/x509up_u500. 11 myproxy-get-delegation

12 Delete, if existing, the long lived credentials on the specified myproxy server [malanxin@gilda08 ~]$ myproxy-destroy Default MyProxy credential for user malanxin was successfully removed. 12 myproxy-destroy

13 13

Download ppt "The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) 马兰馨 IHEP, CAS Hands on gLite Security."

Similar presentations

It’s not about security... it’s about access! Grid Security Pieter van Beek.

It’s not about security... it’s about access! Grid Security Pieter van Beek.
Riccardo Bruno, INFN.CT Sevilla, 10-14/09/2007 GENIUS Exercises.

Riccardo Bruno, INFN.CT Sevilla, 10-14/09/2007 GENIUS Exercises.
EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE Tutorial Getting started with GILDA.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE Tutorial Getting started with GILDA.
Presentation Two: Grid Security Part Two: Grid Security A: Grid Security Infrastructure (GSI) B: PKI and X.509 certificates C: Proxy certificates D:

Presentation Two: Grid Security Part Two: Grid Security A: Grid Security Infrastructure (GSI) B: PKI and X.509 certificates C: Proxy certificates D:
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org Claudio Cherubino, INFN Catania Grid Tutorial for users Merida, 27-29 April 2006 Authorization.

INFSO-RI Enabling Grids for E-sciencE Claudio Cherubino, INFN Catania Grid Tutorial for users Merida, April 2006 Authorization.
Summer School Certificates Diego Romano & Gilda Team.

Summer School Certificates Diego Romano & Gilda Team.
GLite authentication and authorization Discipline: Grid Computing, 07/08-2 Practical classes Inês Dutra, DCC/FCUP.

GLite authentication and authorization Discipline: Grid Computing, 07/08-2 Practical classes Inês Dutra, DCC/FCUP.
Enabling Grids for E-sciencE www.eu-egee.org Security on gLite middleware Matthieu Reichstadt CNRS/IN2P3 ACGRID School, Hanoi (Vietnam) November 5th, 2007.

Enabling Grids for E-sciencE Security on gLite middleware Matthieu Reichstadt CNRS/IN2P3 ACGRID School, Hanoi (Vietnam) November 5th, 2007.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org Practicals on VOMS and MyProxy Emidio Giorgio INFN Retreat between GILDA and ESR VO, Bratislava,

INFSO-RI Enabling Grids for E-sciencE Practicals on VOMS and MyProxy Emidio Giorgio INFN Retreat between GILDA and ESR VO, Bratislava,
FP6−2004−Infrastructures−6-SSA-026409 www.eu-eela.org E-infrastructure shared between Europe and Latin America Luciano Díaz ICN-UNAM Based on Domenico.

FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America Luciano Díaz ICN-UNAM Based on Domenico.
IST-2006-026409 www.eu-eela.org E-infrastructure shared between Europe and Latin America VOMS and MyProxy Server installation and configuration Pedro Henrique.

IST E-infrastructure shared between Europe and Latin America VOMS and MyProxy Server installation and configuration Pedro Henrique.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org Security on Grid: Emidio Giorgio INFN – Catania Pisa, EGEE 4 th Conference Training Day, 23.

INFSO-RI Enabling Grids for E-sciencE Security on Grid: Emidio Giorgio INFN – Catania Pisa, EGEE 4 th Conference Training Day, 23.
Www.eu-eela.org E-science grid facility for Europe and Latin America gLite Security Alfonso Pardo CETA-CIEMAT - Spain Dublin (Ireland), 15-18 September.

E-science grid facility for Europe and Latin America gLite Security Alfonso Pardo CETA-CIEMAT - Spain Dublin (Ireland), September.
Www.eu-eela.org E-science grid facility for Europe and Latin America E2GRIS1 Raúl Priego Martínez – CETA-CIEMAT (Spain)‏ Itacuruça (Brazil), 2-15 November.

E-science grid facility for Europe and Latin America E2GRIS1 Raúl Priego Martínez – CETA-CIEMAT (Spain)‏ Itacuruça (Brazil), 2-15 November.
FP6−2004−Infrastructures−6-SSA-026409 www.eu-eela.org E-infrastructure shared between Europe and Latin America MyProxy server installation Emidio Giorgio.

FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America MyProxy server installation Emidio Giorgio.
Exporting User Certificate from Internet Explorer.

Exporting User Certificate from Internet Explorer.
Www.eu-eela.org E-infrastructure shared between Europe and Latin America Security Hands-on Christian Grunfeld, UNLP 8th EELA Tutorial, La Plata, 11/12-12/12,2006.

E-infrastructure shared between Europe and Latin America Security Hands-on Christian Grunfeld, UNLP 8th EELA Tutorial, La Plata, 11/12-12/12,2006.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org VOMS architecture Valerio Venturi, Vincenzo Ciaschini INFN First gLite tutorial on GILDA,

INFSO-RI Enabling Grids for E-sciencE VOMS architecture Valerio Venturi, Vincenzo Ciaschini INFN First gLite tutorial on GILDA,
EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks Introduction to GILDA and gaining access.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Introduction to GILDA and gaining access.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org GILDA Practicals : Security systems GILDA Tutors Singapore, 1st South East Asia Forum -- EGEE.

INFSO-RI Enabling Grids for E-sciencE GILDA Practicals : Security systems GILDA Tutors Singapore, 1st South East Asia Forum -- EGEE.

Similar presentations

Ads by Google