Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hands-on security Carlos Fuentes RedIRIS Madrid,26 – 30 de Octubre de 2008.

Published byJulian Chandler Modified over 8 years ago

Similar presentations

Presentation on theme: "Hands-on security Carlos Fuentes RedIRIS Madrid,26 – 30 de Octubre de 2008."— Presentation transcript:

1 Hands-on security Carlos Fuentes RedIRIS Madrid,26 – 30 de Octubre de 2008

2 SERVER: glite-tutor.ct.infn.it glite-tutor2.ct.infn.it USERNAME: barcellonaXX PASSWORD: GridBARXX PASSPHRASE: BARCELLONA where XX = 01…30 How to access to the UI

3 Authentication and Authorization INSPECTING PERSONAL CERTIFICATE .globus: your personal certificate, two separate files (public and private keys)  You need them for the authenticated connections with all the other elements.  Check the permissions (you won´t be able to create a proxy if they are wrong) ls –l.globus -rw-r--r--usercert.pem -r--------userkey.pem

4 Authentication and Authorization INSPECTING PERSONAL CERTIFICATE  Look inside your certificate grid-cert-info  Important information  Creation and expiration date  Name and subject of the CA  Common Name (CN) of the certificate owner  Certificate subject

5 Authentication and Authorization Creation of a proxy with voms extensions  This step is comparable to a login on the grid. voms-proxy-init --voms gilda carlos@gilda-ui carlos]$ voms-proxy-init --voms gilda Your identity: /DC=es/DC=irisgrid/O=rediris/CN=carlos.fuentes Creating temporary proxy...................................................... Done Contacting voms.ct.infn.it:15001 [/C=IT/O=INFN/OU=Host/L=Catania/CN=voms.ct.infn.it] "gilda" Done Creating proxy..................................................................................................................................................... Done Your proxy is valid until Mon Feb 1 22:36:29 2010

6 Authentication and Authorization CHECK YOUR VOMS PROXY  To get info about your proxy voms-proxy-info -all  It shows two different lifetimes:  First is related to the proxy itself  The second one is referred to the AC infos added by the VOMS server.  Important: your proxy has 12 hours of live [carlos@gilda-ui carlos]$ voms-proxy-info --all subject : /DC=es/DC=irisgrid/O=rediris/CN=carlos.fuentes/CN=proxy issuer : /DC=es/DC=irisgrid/O=rediris/CN=carlos.fuentes identity : /DC=es/DC=irisgrid/O=rediris/CN=carlos.fuentes type : proxy strength : 1024 bits path : /tmp/x509up_u505 timeleft : 11:58:01 === VO gilda extension information === VO : gilda subject : /DC=es/DC=irisgrid/O=rediris/CN=carlos.fuentes issuer : /C=IT/O=INFN/OU=Host/L=Catania/CN=voms.ct.infn.it attribute : /gilda/Role=NULL/Capability=NULL timeleft : 11:58:00 uri : voms.ct.infn.it:15001

7 Authentication and Authorization LOGOUT FROM THE GRID  To delete your proxy voms-proxy-destroy

8 MyProxyUse Register a long living proxy in the MyProxy server (grid001.ct.infn.it)  Allows you to create and store a long term proxy certificate myproxy-init  The –s option allows you to specify the name of the myproxy server you want to contact myproxy-init –s grid001.ct.infn.it

9 MyProxyUse Register a long living proxy in the MyProxy server (grid001.ct.infn.it)  The –d option allows you to create and store a long term proxy with your DN. myproxy-init –s grid001.ct.infn.it -d  Without this option, the name of the stored proxy is the same of the user in the local machine

10 MyProxyUse Register a long living proxy in the MyProxy server (grid001.ct.infn.it)  The –l option allows you to create and store a long term proxy with a name specified by the user myproxy-init –s grid001.ct.infn.it –l GILDA_TUTOR  Each user can create and store several proxies in a myproxy server, but each remote proxy is linked to the specified username

11 MyProxyUse Gather information about the proxy in the MyProxy server  I f in your UI there is no local proxy, it´s not possible to be authenticated in the myproxy server  In this case is needed to get a delegate proxy form the MyProxy sever or create a local proxy with voms-proxy-init

12 MyProxyUse Get a delegated proxy from the MyProxy server  It allow you to get a proxy from the myproxy server  Destroy the proxy in the local machine and verify it doesn-t exist anymore voms-proxy-destroy voms-proxy-info couldn´t find a valid proxy

13 MyProxyUse Get a delegated proxy from the MyProxy server  Now in your UI (virtual o real), there is no local proxy.  To get a proxy from the myproxy sever myproxy-get-delegation –s grid001.ct.infn.it

14 MyProxyUse Get a delegated proxy from the MyProxy server  With –d option myproxy-get-delegation –s grid001.ct.infn.it –d  Verify now that the user has a local proxy voms-proxy-info

15 MyProxyUse Gather information about the proxy in the MyProxy server  You can get info on myproxy server about your proxy myproxy-info –s grid001.ct.infn.it  If the credentials have been initialized with the –d switch, you also have to specify it when using myproxy-info myproxy-info –s grid001.ct.infn.it -d

16 MyProxyUse Gather information about the proxy in the MyProxy server  If the credentials have been initialized with the –l switch, you also have to specify it when using myproxy-info myproxy-info –s grid001.ct.infn.it –l GILDA_TUTOR  Note the differences in the usename of each proxy

17 MyProxyUse Destroy remote proxy  You can destroy your remote proxy myproxy-destroy –s grid001.ct.infn.it  Check your remote proxy myproxy-info –s grid001.ct.infn.it

18 MyProxyUse Destroy remote proxy  Destroy your remote proxy with -d myproxy-destroy –s grid001.ct.infn.it -d  Check your remote proxy with -d myproxy-info –s grid001.ct.infn.it -d

19 MyProxyUse Destroy remote proxy  Destroy your remote proxy with -l myproxy-destroy –s grid001.ct.infn.it –l GILDA_TUTOR  Check your remote proxy with -L myproxy-info –s grid001.ct.infn.it –l GILDA_TUTOR

Download ppt "Hands-on security Carlos Fuentes RedIRIS Madrid,26 – 30 de Octubre de 2008."

Similar presentations

12th EELA Tutorial, Lima, 24-28.09.2007 FP6−2004−Infrastructures−6-SSA-026409 www.eu-eela.org E-infrastructure shared between Europe and Latin America.

12th EELA Tutorial, Lima, FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America.
It’s not about security... it’s about access! Grid Security Pieter van Beek.

It’s not about security... it’s about access! Grid Security Pieter van Beek.
Riccardo Bruno, INFN.CT Sevilla, 10-14/09/2007 GENIUS Exercises.

Riccardo Bruno, INFN.CT Sevilla, 10-14/09/2007 GENIUS Exercises.
EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE Tutorial Getting started with GILDA.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE Tutorial Getting started with GILDA.
Presentation Two: Grid Security Part Two: Grid Security A: Grid Security Infrastructure (GSI) B: PKI and X.509 certificates C: Proxy certificates D:

Presentation Two: Grid Security Part Two: Grid Security A: Grid Security Infrastructure (GSI) B: PKI and X.509 certificates C: Proxy certificates D:
Grid Security. Typical Grid Scenario Users Resources.

Grid Security. Typical Grid Scenario Users Resources.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org Claudio Cherubino, INFN Catania Grid Tutorial for users Merida, 27-29 April 2006 Authorization.

INFSO-RI Enabling Grids for E-sciencE Claudio Cherubino, INFN Catania Grid Tutorial for users Merida, April 2006 Authorization.
Mechanisms to Secure x.509 Grid Certificates Andrew Hanushevsky Robert Cowles Stanford Linear Accelerator Center.

Mechanisms to Secure x.509 Grid Certificates Andrew Hanushevsky Robert Cowles Stanford Linear Accelerator Center.
GLite authentication and authorization Discipline: Grid Computing, 07/08-2 Practical classes Inês Dutra, DCC/FCUP.

GLite authentication and authorization Discipline: Grid Computing, 07/08-2 Practical classes Inês Dutra, DCC/FCUP.
Enabling Grids for E-sciencE www.eu-egee.org Security on gLite middleware Matthieu Reichstadt CNRS/IN2P3 ACGRID School, Hanoi (Vietnam) November 5th, 2007.

Enabling Grids for E-sciencE Security on gLite middleware Matthieu Reichstadt CNRS/IN2P3 ACGRID School, Hanoi (Vietnam) November 5th, 2007.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org Practicals on VOMS and MyProxy Emidio Giorgio INFN Retreat between GILDA and ESR VO, Bratislava,

INFSO-RI Enabling Grids for E-sciencE Practicals on VOMS and MyProxy Emidio Giorgio INFN Retreat between GILDA and ESR VO, Bratislava,
Riccardo Bruno INFN.CT Sevilla, 10-14 Sep 2007 The GENIUS Grid portal.

Riccardo Bruno INFN.CT Sevilla, Sep 2007 The GENIUS Grid portal.
FP6−2004−Infrastructures−6-SSA-026409 www.eu-eela.org E-infrastructure shared between Europe and Latin America Luciano Díaz ICN-UNAM Based on Domenico.

FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America Luciano Díaz ICN-UNAM Based on Domenico.
Www.eu-eela.org E-science grid facility for Europe and Latin America gLite Security Alfonso Pardo CETA-CIEMAT - Spain Dublin (Ireland), 15-18 September.

E-science grid facility for Europe and Latin America gLite Security Alfonso Pardo CETA-CIEMAT - Spain Dublin (Ireland), September.
Www.eu-eela.org E-science grid facility for Europe and Latin America E2GRIS1 Raúl Priego Martínez – CETA-CIEMAT (Spain)‏ Itacuruça (Brazil), 2-15 November.

E-science grid facility for Europe and Latin America E2GRIS1 Raúl Priego Martínez – CETA-CIEMAT (Spain)‏ Itacuruça (Brazil), 2-15 November.
FP6−2004−Infrastructures−6-SSA-026409 www.eu-eela.org E-infrastructure shared between Europe and Latin America MyProxy server installation Emidio Giorgio.

FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America MyProxy server installation Emidio Giorgio.
Www.eu-eela.org E-infrastructure shared between Europe and Latin America Security Hands-on Christian Grunfeld, UNLP 8th EELA Tutorial, La Plata, 11/12-12/12,2006.

E-infrastructure shared between Europe and Latin America Security Hands-on Christian Grunfeld, UNLP 8th EELA Tutorial, La Plata, 11/12-12/12,2006.
EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks Introduction to GILDA and gaining access.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Introduction to GILDA and gaining access.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org GILDA Practicals : Security systems GILDA Tutors Singapore, 1st South East Asia Forum -- EGEE.

INFSO-RI Enabling Grids for E-sciencE GILDA Practicals : Security systems GILDA Tutors Singapore, 1st South East Asia Forum -- EGEE.
Www.eu-eela.org E-infrastructure shared between Europe and Latin America FP6−2004−Infrastructures−6-SSA-026409 Hands-on on security Pedro Rausch IF - UFRJ.

E-infrastructure shared between Europe and Latin America FP6−2004−Infrastructures−6-SSA Hands-on on security Pedro Rausch IF - UFRJ.

Similar presentations

Ads by Google