Hands-on security - PowerPoint PPT Presentation

Provided by: claudioc7

1
Hands-on security
  • Antonio Fuentes Bermejo
  • RedIRIS
  • Oviedo, 20 November 2007

2
How to access the UI
  • SERVER: glite-tutor2.ct.infn.it
  • USERNAME: oviedoXX
  • PASSWORD: GridOVIXX
  • PASSPHRASE: OVIEDO
  • where XX 0130

3
Authentication and Authorization
  • INSPECTING PERSONAL CERTIFICATE
  • .globus: your personal certificate, as two separate
    files (public and private keys)
  • You need them for authenticated connections
    with all the other elements.
  • Check the permissions (you won't be able to
    create a proxy if they are wrong)
  • ls -l .globus
  • -rw-r--r-- usercert.pem
  • -r-------- userkey.pem
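
The permission check above as a script (an added example, not part of the original slides). The function names are hypothetical, and the acceptance rule is an assumption derived from the listing on the slide: the private key must carry no group or other permission bits, and the certificate must not be writable by group or others.

```shell
#!/usr/bin/env bash
# Added example: audit the credential files before running voms-proxy-init.
# Usage: check_globus_perms "$HOME/.globus"

# Print the octal mode of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_globus_perms DIR
# Returns 0 when both files exist and their modes are safe, 1 otherwise.
check_globus_perms() {
    local dir="$1" rc=0 mode f
    local cert="$dir/usercert.pem" key="$dir/userkey.pem"

    for f in "$cert" "$key"; do
        if [ ! -f "$f" ]; then
            echo "MISSING  $f"
            rc=1
        fi
    done
    [ "$rc" -eq 0 ] || return 1

    # Private key: no permission bits at all for group or others
    # (assumed rule; the slide shows mode 400).
    mode=$(file_mode "$key")
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "UNSAFE   $key mode $mode (fix: chmod 400 $key)"
        rc=1
    else
        echo "OK       $key mode $mode"
    fi

    # Certificate is public, but only the owner may rewrite it
    # (assumed rule; the slide shows mode 644).
    mode=$(file_mode "$cert")
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "UNSAFE   $cert mode $mode (fix: chmod 644 $cert)"
        rc=1
    else
        echo "OK       $cert mode $mode"
    fi
    return "$rc"
}
```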

4
Authentication and Authorization
  • INSPECTING PERSONAL CERTIFICATE
  • Look inside your certificate
  • grid-cert-info
  • Important information
  • Creation and expiration date
  • Name and subject of the CA
  • Common Name (CN) of the certificate owner
  • Certificate subject

5
Authentication and Authorization
  • Creation of a proxy with voms extensions
  • This step is comparable to a login on the grid.
  • voms-proxy-init --voms gilda

6
Authentication and Authorization
  • CHECK YOUR VOMS PROXY
  • To get info about your proxy
  • voms-proxy-info -all
  • It shows two different lifetimes
  • The first is that of the proxy itself
  • The second refers to the AC information added
    by the VOMS server.
  • Important: your proxy has a lifetime of 12 hours

7
MyProxy Use
  • Register a long-lived proxy in the MyProxy
    server (grid001.ct.infn.it)
  • Allows you to create and store a long-term proxy
    certificate
  • myproxy-init --voms gilda
  • The -s option allows you to specify the name of
    the MyProxy server you want to contact
  • myproxy-init --voms gilda -s grid001.ct.infn.it

8
MyProxy Use
  • Register a long-lived proxy in the MyProxy
    server (grid001.ct.infn.it)
  • The -d option allows you to create and store a
    long-term proxy with your DN.
  • myproxy-init --voms gilda -s grid001.ct.infn.it -d
  • Without this option, the name of the stored proxy
    is the same as the username on the local machine

9
MyProxy Use
  • Register a long-lived proxy in the MyProxy
    server (grid001.ct.infn.it)
  • The -l option allows you to create and store a
    long-term proxy with a name specified by the user
  • myproxy-init --voms gilda -s grid001.ct.infn.it -l GILDA_TUTOR
  • Each user can create and store several proxies in
    a MyProxy server, but each remote proxy is linked
    to the specified username

10
MyProxy Use
  • Gather information about the proxy in the MyProxy
    server
  • You can get information about your proxy from
    the MyProxy server
  • myproxy-info -s grid001.ct.infn.it
  • If the credentials have been initialized with the
    -d switch, you also have to specify it when using
    myproxy-info
  • myproxy-info -s grid001.ct.infn.it -d

11
MyProxy Use
  • Gather information about the proxy in the MyProxy
    server
  • If the credentials have been initialized with the
    -l switch, you also have to specify it when using
    myproxy-info
  • myproxy-info -s grid001.ct.infn.it -l GILDA_TUTOR
  • Note the differences in the username of each proxy

12
MyProxy Use
  • Gather information about the proxy in the MyProxy
    server
  • If there is no local proxy in your UI, it is not
    possible to authenticate to the MyProxy
    server
  • In this case you need to get a delegated proxy
    from the MyProxy server or create a local proxy
    with
  • voms-proxy-init

13
MyProxy Use
  • Get a delegated proxy from the MyProxy server
  • It allows you to get a proxy from the MyProxy
    server
  • Destroy the proxy on the local machine and verify
    it doesn't exist anymore
  • voms-proxy-destroy
  • voms-proxy-info
  • couldn't find a valid proxy

14
MyProxy Use
  • Get a delegated proxy from the MyProxy server
  • Now in your UI (virtual or real), there is no
    local proxy.
  • To get a proxy from the MyProxy server
  • myproxy-get-delegation -s grid001.ct.infn.it

15
MyProxy Use
  • Get a delegated proxy from the MyProxy server
  • With the -d option
  • myproxy-get-delegation -s grid001.ct.infn.it -d
  • Verify now that the user has a local proxy
  • voms-proxy-info

16
MyProxy Use
  • Destroy remote proxy
  • You can destroy your remote proxy
  • myproxy-destroy -s grid001.ct.infn.it
  • Check your remote proxy
  • myproxy-info -s grid001.ct.infn.it

17
MyProxy Use
  • Destroy remote proxy
  • Destroy your remote proxy with -d
  • myproxy-destroy -s grid001.ct.infn.it -d
  • Check your remote proxy with -d
  • myproxy-info -s grid001.ct.infn.it -d

18
MyProxy Use
  • Destroy remote proxy
  • Destroy your remote proxy with -l
  • myproxy-destroy -s grid001.ct.infn.it -l GILDA_TUTOR
  • Check your remote proxy with -l
  • myproxy-info -s grid001.ct.infn.it -l GILDA_TUTOR