Troubleshooting Grid authentication from the client side By Adriaan van der Zee Big Grid meeting 2008-01-19.

Slides:

Advertisements

Similar presentations

MyProxy Guy Warner NeSC Training.

Advertisements

VO Support and directions in OMII-UK Steven Newhouse, Director.

FP7-INFRA Enabling Grids for E-sciencE EGEE Induction Grid training for users, Institute of Physics Belgrade, Serbia Sep. 19, 2008.

Grid Resource Allocation Management (GRAM) GRAM provides the user to access the grid in order to run, terminate and monitor jobs remotely. The job request.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

OSG AuthZ Architecture AuthZ Components Legend VO Management Services Grid Site GUMS Site Services SAZ CE Gatekeeper Prima Is Auth? Yes / No SE SRM gPlazma.

Riccardo Bruno, INFN.CT Sevilla, 10-14/09/2007 GENIUS Exercises.

Jim Basney GSI Credential Management with MyProxy GGF8 Production Grid Management RG Workshop June.

Presentation Two: Grid Security Part Two: Grid Security A: Grid Security Infrastructure (GSI) B: PKI and X.509 certificates C: Proxy certificates D:

Military Technical Academy Bucharest, 2006 GRID SECURITY INFRASTRUCTURE (GSI) - Globus Toolkit - ADINA RIPOSAN Department of Applied Informatics.

Grid Security. Typical Grid Scenario Users Resources.

Job submission architectures in GRID environment Masamichi Ando M1 Student Taura Lab. Department of Information Science and Technology.

Haga clic para cambiar el estilo de título Haga clic para modificar el estilo de subtítulo del patrón DIRAC Framework A.Casajus and R.Graciani (Universitat.

The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) gLite Grid Services Abderrahman El Kharrim

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

National Center for Supercomputing Applications MyProxy and GSISSH Update Von Welch National Center for Supercomputing Applications University of Illinois.

Open Science Grid Use of PKI: Wishing it was easy A brief and incomplete introduction. Doug Olson, LBNL PKI Workshop, NIST 5 April 2006.

GLite authentication and authorization Discipline: Grid Computing, 07/08-2 Practical classes Inês Dutra, DCC/FCUP.

Makrand Siddhabhatti Tata Institute of Fundamental Research Mumbai 17 Aug

National Computational Science National Center for Supercomputing Applications National Computational Science MyProxy: An Online Credential Repository.

Ákos FROHNER – DataGrid Security Requirements n° 1 Security Group D7.5 Document and Open Issues

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Interoperability Shibboleth - gLite Christoph.

National Computational Science National Center for Supercomputing Applications National Computational Science NCSA-IPG Collaboration Projects Overview.

Military Technical Academy Bucharest, 2004 GETTING ACCESS TO THE GRID Authentication, Authorization and Delegation ADINA RIPOSAN Applied Information Technology.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Security and Job Management.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Security Token Service Valéry Tschopp - SWITCH.

EDG Security European DataGrid Project Security Coordination Group

10-May-01D.P.Kelsey, Security Workshop Summary1 DataGrid Security Workshop 29/30 March 2001 SUMMARY David Kelsey CLRC/RAL, UK

June 24-25, 2008 Regional Grid Training, University of Belgrade, Serbia Introduction to gLite gLite Basic Services Antun Balaž SCL, Institute of Physics.

National Computational Science National Center for Supercomputing Applications National Computational Science Credential Management in the Grid Security.

CertWizard: a New Certificate Tool for the UK NGI User Community John Kewley ( ), Jens Jensen, David Meredith and Akay Okcun 16/11/20151EGI.

VO. VOMS 1. Authentication2. Credentials 3. Authentication Client Resource.

Grid, Web services and Taverna Machiel Jansen Richard Holland.

Glite. Architecture Applications have access both to Higher-level Grid Services and to Foundation Grid Middleware Higher-Level Grid Services are supposed.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE Site Architecture Resource Center Deployment Considerations MIMOS EGEE Tutorial.

Hands-on security Angelines Alberto Morillas Ciemat.

Grid Access Toolkit for MS Windows Daniel Kouřil CESNET, MWSG meeting, Jun

FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America Alexandre Duarte CERN IT-GD-OPS UFCG LSD 1st EELA Grid School.

DTI Mission – 29 June LCG Security Ian Neilson LCG Security Officer Grid Deployment Group CERN.

VO Box Issues Summary of concerns expressed following publication of Jeff’s slides Ian Bird GDB, Bologna, 12 Oct 2005 (not necessarily the opinion of)

EGEE-II INFSO-RI Enabling Grids for E-sciencE MyProxy - a brief introduction.

Office of Science U.S. Department of Energy Grid Security at NERSC/LBL Presented by Steve Chan Network, Security and Servers

1 Grid School Module 4: Grid Security. 2 Typical Grid Scenario Users Resources.

EGEE-II INFSO-RI Enabling Grids for E-sciencE Introduction to P-GRADE Portal hands-on Miklos Kozlovszky MTA SZTAKI

WLCG Authentication & Authorisation LHCOPN/LHCONE Rome, 29 April 2014 David Kelsey STFC/RAL.

EGEE 3 rd conference - Athens – 20/04/2005 CREAM JDL vs JSDL Massimo Sgaravatto INFN - Padova.

The Institute of High Energy of Physics, Chinese Academy of Sciences Sharing LCG files across different platforms Cheng Yaodong, Wang Lu, Liu Aigui, Chen.

EGEE-II INFSO-RI Enabling Grids for E-sciencE Using Certificate & Simple Job Submission Jinny Chien ASGC.

13th EELA Tutorial, La Antigua, 18-19, October E-infrastructure shared between Europe and Latin America FP6−2004−Infrastructures−6-SSA

EGI-InSPIRE RI Grid Training for Power Users EGI-InSPIRE N G I A E G I S Grid Training for Power Users Institute of Physics Belgrade.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI VOMS Proxy Lifetime UCB 21 Aug 2012 David Kelsey STFC.

EGEE-II INFSO-RI Enabling Grids for E-sciencE Overview of gLite, the EGEE middleware Mike Mineter Training Outreach Education National.

RI EGI-TF 2010, Tutorial Managing an EGEE/EGI Virtual Organisation (VO) with EDGES bridged Desktop Resources Tutorial Robert Lovas, MTA SZTAKI.

2007© SWITCH SWITCHslcs the new AAI-based short-lived credential service for Grid users C.Witzig Swiss Grid Day, Berne, May 7, 2007.

Academia Sinica Grid Computing Certification Authority F2F interview (Malaysia )

The NGS Portal Guy Warner NeSC Training.

The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) gLite Grid Introduction Salma Saber Electronic.

Authentication, Authorisation and Security

MyProxy Server Installation

Technical Board Meeting, CNAF, 14 Feb. 2004

Grid accounting system

NAREGI-CA Development of NAREGI-CA NAREGI-CA Software CP/CPS Audit

Creating and running applications on the NGS

CRC exercises Not happy with the way the document for testbed architecture is progressing More a collection of contributions from the mware groups rather.

Viet Tran Institute of Informatics Slovakia

Update on EDG Security (VOMS)

WMS Options: DIRAC and GlideIN-WMS

The GENIUS Security Services

GENIUS Grid portal Hands on

Presentation transcript:

Troubleshooting Grid authentication from the client side By Adriaan van der Zee Big Grid meeting

Contents Introducing myself The project X.509 certificates, proxies and delegation Possible authentication problems Involved Grid components Problem identification tool

About me : bachelor Information Technology (INHOLLAND Diemen) Currently: one-year master System and Network Engineering (UvA Amsterdam) –First of two four-week research projects

The Project To what extent can authentication failures in the Grid be identified and resolved from the client side? What are the possible causes of GSI authentication failures? Which Grid components are involved in GSI authentication for standard job submission and execution? How can a client determine which systems are probable causes of authentication failure for a job? Is it possible for a client to test authentication by contacting such systems directly?

X.509 certificates, proxies and delegation Proxy certificates are used for single sign-on and delegation –Not protected with a passphrase, but short-lived –Single sign-on: user can submit multiple jobs without re-entering passphrase –Delegation: a job can be sent further into the Grid on the user’s behalf –A MyProxy service can be used by a Grid component to renew a proxy

Possible authentication problems Proxy or host certificate has expired Certificate Revocation List (CRL) out of date Unknown CA VOMS attribute certificates missing Failure to map user to a local account

Involved Grid components UI VOMS MyProxy WMS CE

Problem identification tool A command line tool for the UI Used when (suspected) authentication failures are experienced To identify the cause and system responsible for the authentication failure Should aid problem resolution