Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hands-on security Angelines Alberto Morillas Ciemat.

Published byShonda McKinney Modified over 9 years ago

Similar presentations

Presentation on theme: "Hands-on security Angelines Alberto Morillas Ciemat."— Presentation transcript:

1 Hands-on security Angelines Alberto Morillas Ciemat

2 SERVER: glite-tutor.ct.infn.it glite-tutor2.ct.infn.it USERNAME: sevillaXX PASSWORD: GridSEVXX PASSPHRASE: SEVILLA where XX = 01…30 How to access to the UI

3 Authentication and Authorization INSPECTING PERSONAL CERTIFICATE .globus: your personal certificate, two separate files (public and private keys)  You need them for the authenticated connections with all the other elements.  Check the permissions (you won´t be able to create a proxy if they are wrong) ls –l.globus -rw-r--r--usercert.pem -r--------userkey.pem

4 Authentication and Authorization INSPECTING PERSONAL CERTIFICATE  Look inside your certificate grid-cert-info  Important information  Creation and expiration date  Name and subject of the CA  Common Name (CN) of the certificate owner  Certificate subject

5 Authentication and Authorization Creation of a proxy with voms extensions  This step is comparable to a login on the grid. voms-proxy-init --voms gilda

6 Authentication and Authorization CHECK YOUR VOMS PROXY  To get info about your proxy voms-proxy-info -all  It shows two different lifetimes:  First is related to the proxy itself  The second one is referred to the AC infos added by the VOMS server.  Important: your proxy has 12 hours of live

7 MyProxyUse Register a long living proxy in the MyProxy server (grid001.ct.infn.it)  Allows you to create and store a long term proxy certificate myproxy-init --voms gilda  The –s option allows you to specify the name of the myproxy server you want to contact myproxy-init --voms gilda –s grid001.ct.infn.it

8 MyProxyUse Register a long living proxy in the MyProxy server (grid001.ct.infn.it)  The –d option allows you to create and store a long term proxy with your DN. myproxy-init --voms gilda –s grid001.ct.infn.it -d  Without this option, the name of the stored proxy is the same of the user in the local machine

9 MyProxyUse Register a long living proxy in the MyProxy server (grid001.ct.infn.it)  The –l option allows you to create and store a long term proxy with a name specified by the user myproxy-init --voms gilda –s grid001.ct.infn.it –l GILDA_TUTOR  Each user can create and store several proxies in a myproxy server, but each remote proxy is linked to the specified username

10 MyProxyUse Gather information about the proxy in the MyProxy server  You can get info on myproxy server about your proxy myproxy-info –s grid001.ct.infn.it  If the credentials have been initialized with the –d switch, you also have to specify it when using myproxy-info myproxy-info –s grid001.ct.infn.it -d

11 MyProxyUse Gather information about the proxy in the MyProxy server  If the credentials have been initialized with the –l switch, you also have to specify it when using myproxy-info myproxy-info –s grid001.ct.infn.it –l GILDA_TUTOR  Note the differences in the usename of each proxy

12 MyProxyUse Gather information about the proxy in the MyProxy server  I f in your UI there is no local proxy, it´s not possible to be authenticated in the myproxy server  In this case is needed to get a delegate proxy form the MyProxy sever or create a local proxy with voms-proxy-init

13 MyProxyUse Get a delegated proxy from the MyProxy server  It allow you to get a proxy from the myproxy server  Destroy the proxy in the local machine and verify it doesn-t exist anymore voms-proxy-destroy voms-proxy-info couldn´t find a valid proxy

14 MyProxyUse Get a delegated proxy from the MyProxy server  Now in your UI (virtual o real), there is no local proxy.  To get a proxy from the myproxy sever myproxy-get-delegation –s grid001.ct.infn.it

15 MyProxyUse Get a delegated proxy from the MyProxy server  With –d option myproxy-get-delegation –s grid001.ct.infn.it –d  Verify now that the user has a local proxy voms-proxy-info

16 MyProxyUse Destroy remote proxy  You can destroy your remote proxy myproxy-destroy –s grid001.ct.infn.it  Check your remote proxy myproxy-info –s grid001.ct.infn.it

17 MyProxyUse Destroy remote proxy  Destroy your remote proxy with -d myproxy-destroy –s grid001.ct.infn.it -d  Check your remote proxy with -d myproxy-info –s grid001.ct.infn.it -d

18 MyProxyUse Destroy remote proxy  Destroy your remote proxy with -l myproxy-destroy –s grid001.ct.infn.it –l GILDA_TUTOR  Check your remote proxy with -L myproxy-info –s grid001.ct.infn.it –l GILDA_TUTOR

Download ppt "Hands-on security Angelines Alberto Morillas Ciemat."

Similar presentations

EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks Introduction to EGEE hands-on Gergely Sipos.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Introduction to EGEE hands-on Gergely Sipos.
12th EELA Tutorial, Lima, 24-28.09.2007 FP6−2004−Infrastructures−6-SSA-026409 www.eu-eela.org E-infrastructure shared between Europe and Latin America.

12th EELA Tutorial, Lima, FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America.
It’s not about security... it’s about access! Grid Security Pieter van Beek.

It’s not about security... it’s about access! Grid Security Pieter van Beek.
Riccardo Bruno, INFN.CT Sevilla, 10-14/09/2007 GENIUS Exercises.

Riccardo Bruno, INFN.CT Sevilla, 10-14/09/2007 GENIUS Exercises.
EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE Tutorial Getting started with GILDA.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE Tutorial Getting started with GILDA.
Presentation Two: Grid Security Part Two: Grid Security A: Grid Security Infrastructure (GSI) B: PKI and X.509 certificates C: Proxy certificates D:

Presentation Two: Grid Security Part Two: Grid Security A: Grid Security Infrastructure (GSI) B: PKI and X.509 certificates C: Proxy certificates D:
Grid Security. Typical Grid Scenario Users Resources.

Grid Security. Typical Grid Scenario Users Resources.
National Center for Supercomputing Applications Integrating MyProxy with Site Authentication Jim Basney Senior Research Scientist National Center for Supercomputing.

National Center for Supercomputing Applications Integrating MyProxy with Site Authentication Jim Basney Senior Research Scientist National Center for Supercomputing.
Summer School Certificates Diego Romano & Gilda Team.

Summer School Certificates Diego Romano & Gilda Team.
Mechanisms to Secure x.509 Grid Certificates Andrew Hanushevsky Robert Cowles Stanford Linear Accelerator Center.

Mechanisms to Secure x.509 Grid Certificates Andrew Hanushevsky Robert Cowles Stanford Linear Accelerator Center.
GLite authentication and authorization Discipline: Grid Computing, 07/08-2 Practical classes Inês Dutra, DCC/FCUP.

GLite authentication and authorization Discipline: Grid Computing, 07/08-2 Practical classes Inês Dutra, DCC/FCUP.
Enabling Grids for E-sciencE www.eu-egee.org Security on gLite middleware Matthieu Reichstadt CNRS/IN2P3 ACGRID School, Hanoi (Vietnam) November 5th, 2007.

Enabling Grids for E-sciencE Security on gLite middleware Matthieu Reichstadt CNRS/IN2P3 ACGRID School, Hanoi (Vietnam) November 5th, 2007.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org Practicals on VOMS and MyProxy Emidio Giorgio INFN Retreat between GILDA and ESR VO, Bratislava,

INFSO-RI Enabling Grids for E-sciencE Practicals on VOMS and MyProxy Emidio Giorgio INFN Retreat between GILDA and ESR VO, Bratislava,
Riccardo Bruno INFN.CT Sevilla, 10-14 Sep 2007 The GENIUS Grid portal.

Riccardo Bruno INFN.CT Sevilla, Sep 2007 The GENIUS Grid portal.
FP6−2004−Infrastructures−6-SSA-026409 www.eu-eela.org E-infrastructure shared between Europe and Latin America Luciano Díaz ICN-UNAM Based on Domenico.

FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America Luciano Díaz ICN-UNAM Based on Domenico.
IST-2006-026409 www.eu-eela.org E-infrastructure shared between Europe and Latin America VOMS and MyProxy Server installation and configuration Pedro Henrique.

IST E-infrastructure shared between Europe and Latin America VOMS and MyProxy Server installation and configuration Pedro Henrique.
Www.eu-eela.org E-science grid facility for Europe and Latin America gLite Security Alfonso Pardo CETA-CIEMAT - Spain Dublin (Ireland), 15-18 September.

E-science grid facility for Europe and Latin America gLite Security Alfonso Pardo CETA-CIEMAT - Spain Dublin (Ireland), September.
National Computational Science National Center for Supercomputing Applications National Computational Science NCSA-IPG Collaboration Projects Overview.

National Computational Science National Center for Supercomputing Applications National Computational Science NCSA-IPG Collaboration Projects Overview.
Www.eu-eela.org E-science grid facility for Europe and Latin America E2GRIS1 Raúl Priego Martínez – CETA-CIEMAT (Spain)‏ Itacuruça (Brazil), 2-15 November.

E-science grid facility for Europe and Latin America E2GRIS1 Raúl Priego Martínez – CETA-CIEMAT (Spain)‏ Itacuruça (Brazil), 2-15 November.
Military Technical Academy Bucharest, 2004 GETTING ACCESS TO THE GRID Authentication, Authorization and Delegation ADINA RIPOSAN Applied Information Technology.

Military Technical Academy Bucharest, 2004 GETTING ACCESS TO THE GRID Authentication, Authorization and Delegation ADINA RIPOSAN Applied Information Technology.

Similar presentations

Ads by Google