Setting up MyProxy authentication for use with our service infrastructure

If you have an NCSA or Teragrid account, you will be able to use Siege to launch and monitor workflows on the resources currently mapped in the Host Information Service.

If not, you will need to apply for an account (see either NCSA Allocations or Teragrid Allocations).

Once you have an account, three additional steps must be taken.

(1) Obtain an X.509 Certificate

You can do this through the NCSA Certificate Authority; for other options, see also Non-default Teragrid credentials.

Once you have obtained your certificate, be sure to follow the additional instructions for setting up DN entries in the grid-map files of the resources you wish to use.

(2) Register your credentials in the MyProxy server

Log on to a Teragrid resource, and do:

  • myproxy-init -s myproxy.ncsa.uiuc.edu -A -k renewable -c 8760 -t 24

This will give you a long-term credential in the MyProxy server, which can be accessed either using your Kerberos password or "anonymously" by any requesting entity with a valid credential (such as the Broker service).

NOTES
  • The '-c' option determines the lifetime of the credential in hours; it cannot exceed the expiration of the certificate you received from the certificate authority. 8760 would be the maximum here, but you may need to adjust this down to remain inside the actual expiration time (otherwise you will get an error message on the command line).
  • The '-t' option is the lifetime of the proxy issued to you when getProxy() is called on the server.
  • The '-k' option is the name of the anonymous credential: renewable is the name under which the Broker asks for your proxy, so this must be specified on the myproxy-init line for automatic proxy refreshing on long-running jobs to work.

For further information, see MyProxy.
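The '-c' adjustment described in the notes can be computed from the certificate itself. The script below is an added example, not part of the original instructions: it reads the certificate's notAfter date and caps '-c' so the stored credential ends before the certificate does. It assumes bash, the openssl CLI and GNU date; the function names and the one-hour safety margin are choices made for this example.

```shell
#!/usr/bin/env bash
# Added example: pick a '-c' value for myproxy-init that stays inside the
# certificate's validity period. Assumes bash, openssl and GNU date.

# Print the certificate's notAfter time as seconds since the epoch.
cert_not_after_epoch() {
    local enddate
    enddate=$(openssl x509 -noout -enddate -in "$1") || return 1
    date -u -d "${enddate#notAfter=}" +%s
}

# Print the largest whole number of hours, no more than requested, that
# still ends before the certificate expires.
# Args: not_after_epoch now_epoch requested_hours [margin_hours]
# The margin (default 1 hour) is an assumption of this example.
cred_hours() {
    local not_after=$1 now=$2 requested=$3 margin=${4:-1}
    local remaining=$(( (not_after - now) / 3600 - margin ))
    if [ "$remaining" -le 0 ]; then
        echo "certificate expired or expires within ${margin}h" >&2
        return 1
    fi
    if [ "$remaining" -lt "$requested" ]; then
        echo "$remaining"
    else
        echo "$requested"
    fi
}

# Print the command from step (2) with the adjusted '-c' value.
# Args: not_after_epoch now_epoch [requested_hours, default 8760]
myproxy_init_cmd() {
    local hours
    hours=$(cred_hours "$1" "$2" "${3:-8760}") || return 1
    echo "myproxy-init -s myproxy.ncsa.uiuc.edu -A -k renewable -c $hours -t 24"
}

# Runs only when a certificate path is given, for example
# ~/.globus/usercert.pem (the conventional Globus location; adjust as needed).
if [ -n "${1:-}" ]; then
    not_after=$(cert_not_after_epoch "$1") || exit 1
    myproxy_init_cmd "$not_after" "$(date -u +%s)"
fi
```

The script only prints the command line; review it and run it yourself on the Teragrid resource.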

(3) Register your DN with our services

This unfortunately is not yet automatic. Send an e-mail to arossi@ncsa.uiuc.edu indicating your Kerberos user name; your DN will then be added to the grid-map file on the host where our services run, and your user home(s) will be mapped to our Host Information Service. These two steps are necessary before you can run workflows through the Broker.
