Difference between revisions of "USG Setting up the UI Environment"
Line 7: | Line 7: | ||
---- | ---- | ||
You will find how to configure the files, permissions and paths of the UI Environment to provide an optimal environment for Grid use and for running applications on the Grid. | |||
<div class="sect2" title="Installing Your Certificate"><div class="titlepage"><div><div> | |||
=== Installing Your Certificate === | |||
<div title="Installing Your Certificate | </div></div></div> | ||
=== Installing Your Certificate === | Once an account on a user interface has been created, the user certificate must be installed. The recommended procedure is to create a directory named <code class="code">.globus</code> under the user home directory to contain your grid credentials. After installation, you can check that it has been done properly with the <code class="code">voms-proxy-init</code> command. | ||
</div></div></div> | <div class="sect3" title="PKCS12 (*.p12) Formatted Certificates"><div class="titlepage"><div><div> | ||
Once an account on a user interface has been created, the user certificate must be installed. The recommended procedure is to create a directory named <code class="code">.globus</code> under the user home directory to contain your grid credentials. After installation, you can check that it has been done properly with the <code class="code">voms-proxy-init</code> command. | ==== PKCS12 (*.p12) Formatted Certificates ==== | ||
<div title="PKCS12 (*.p12) Formatted Certificates | </div></div></div> | ||
==== PKCS12 (*.p12) Formatted Certificates ==== | If you have your credential in <span class="emphasis">''PKCS12 format''</span> (a file with either <code class="code">p12</code> or <code class="code">pfx</code> extension), then copy your credential to the .globus directory and name the file <code class="code">usercred.p12</code>. You need to change the file permission to make sure only you have access to it: | ||
</div></div></div> | <pre class="command">$ chmod 0400 usercred.p12</pre> | ||
If you have your credential in <span class="emphasis">''PKCS12 format''</span> (a file with either <code class="code">p12</code> or <code class="code">pfx</code> extension), then copy your credential to the .globus directory and name the file <code class="code">usercred.p12</code>. You need to change the file permission to make sure only you have access to it: | The listing of the directory should be similar to: | ||
<pre class="command">$ chmod 0400 usercred.p12</pre> | <pre class="command">$ ls -l $HOME/.globus</pre><pre class="response">-r-------- 1 doe xy 2935 Feb 1 10:49 usercred.p12</pre></div><div class="sect3" title="PEM (*.pem) Formatted Certificates"><div class="titlepage"><div><div> | ||
The listing of the directory should be similar to: | ==== PEM (*.pem) Formatted Certificates ==== | ||
<pre class="command">$ ls -l $HOME/.globus</pre><pre class="response">-r-------- 1 doe xy 2935 Feb 1 10:49 usercred.p12</pre></div><div title="PEM (*.pem) Formatted Certificates | </div></div></div> | ||
==== PEM (*.pem) Formatted Certificates ==== | If you have your credential in <span class="emphasis">''PEM format''</span> (two files with <code class="code">pem</code> extension) then put the certificate and key files in the <code class="code">.globus</code> directory, naming them <code class="code">usercert.pem</code> and <code class="code">userkey.pem</code> respectively, with global read-only permissions for the former, and owner-read permissions for the latter, like so: | ||
</div></div></div> | |||
If you have your credential in <span class="emphasis">''PEM format''</span> (two files with <code class="code">pem</code> extension) then put the certificate and key files in the <code class="code">.globus</code> directory, naming them <code class="code">usercert.pem</code> and <code class="code">userkey.pem</code> respectively, with global read-only permissions for the former, and owner-read permissions for the latter, like so: | |||
<pre class="command">$ chmod 444 usercert.pem | <pre class="command">$ chmod 444 usercert.pem | ||
$ chmod 400 userkey.pem</pre> | $ chmod 400 userkey.pem</pre> | ||
A listing of the directory should be similar to: | A listing of the directory should be similar to: | ||
<pre class="command">$ ls -l $HOME/.globus</pre><pre class="response">-r--r--r-- 1 doe xy 4541 Aug 23 2006 usercert.pem | <pre class="command">$ ls -l $HOME/.globus</pre><pre class="response">-r--r--r-- 1 doe xy 4541 Aug 23 2006 usercert.pem | ||
-r-------- 1 doe xy 963 Aug 23 2006 userkey.pem</pre></div></div><div | -r-------- 1 doe xy 963 Aug 23 2006 userkey.pem</pre></div></div><div class="sect2" title="Access to Grid Client Commands"><br></div> | ||
[[Category:Operations_Manuals]] | |||
Latest revision as of 14:48, 10 January 2013
Main | EGI.eu operations services | Support | Documentation | Tools | Activities | Performance | Technology | Catch-all Services | Resource Allocation | Security |
Documentation menu: | Home • | Manuals • | Procedures • | Training • | Other • | Contact ► | For: | VO managers • | Administrators |
You will find how to configure the files, permissions and paths of the UI Environment to provide an optimal environment for Grid use and for running applications on the Grid.
Installing Your Certificate
Once an account on a user interface has been created, the user certificate must be installed. The recommended procedure is to create a directory named .globus
under the user home directory to contain your grid credentials. After installation, you can check that it has been done properly with the voms-proxy-init
command.
PKCS12 (*.p12) Formatted Certificates
If you have your credential in PKCS12 format (a file with either p12
or pfx
extension), then copy your credential to the .globus directory and name the file usercred.p12
. You need to change the file permission to make sure only you have access to it:
$ chmod 0400 usercred.p12
The listing of the directory should be similar to:
$ ls -l $HOME/.globus
-r-------- 1 doe xy 2935 Feb 1 10:49 usercred.p12
PEM (*.pem) Formatted Certificates
If you have your credential in PEM format (two files with pem
extension) then put the certificate and key files in the .globus
directory, naming them usercert.pem
and userkey.pem
respectively, with global read-only permissions for the former, and owner-read permissions for the latter, like so:
$ chmod 444 usercert.pem $ chmod 400 userkey.pem
A listing of the directory should be similar to:
$ ls -l $HOME/.globus
-r--r--r-- 1 doe xy 4541 Aug 23 2006 usercert.pem -r-------- 1 doe xy 963 Aug 23 2006 userkey.pem