Hands on security


Hands-on security. Angelines Alberto Morillas, Ciemat. How to access the UI. SERVER: glite-tutor.ct.infn.it, glite-tutor2.ct.infn.it. USERNAME: sevillaXX. PASSWORD: GridSEVXX. PASSPHRASE: SEVILLA, where XX = 01…30. Authentication and Authorization.


Presentation Transcript



Hands-on security

Angelines Alberto Morillas

Ciemat



How to access the UI

  • SERVER: glite-tutor.ct.infn.it

  • glite-tutor2.ct.infn.it

  • USERNAME: sevillaXX

  • PASSWORD: GridSEVXX

  • PASSPHRASE: SEVILLA

  • where XX = 01…30



Authentication and Authorization

  • INSPECTING PERSONAL CERTIFICATE

    • .globus: your personal certificate, two separate files (public and private keys)

    • You need them for authenticated connections with all the other elements.

    • Check the permissions (you won't be able to create a proxy if they are wrong)

      ls -l .globus

      -rw-r--r-- usercert.pem

      -r-------- userkey.pem
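
The permission check from this slide as a script, an added example that is not part of the original presentation. The function names are hypothetical; the expected modes are the ones listed above, and treating any group or other bit on the key as unsafe is an assumption generalised from the `-r--------` shown.

```shell
#!/bin/sh
# Added example: audit a .globus directory before running voms-proxy-init.
# Expected modes follow the slide: usercert.pem 644, userkey.pem 400.

# Print a file's permission bits in octal (GNU stat, then BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_globus DIR: print one line per problem, succeed only if none is found.
check_globus() {
    dir=$1
    problems=0
    for f in usercert.pem userkey.pem; do
        if [ ! -f "$dir/$f" ]; then
            echo "MISSING $dir/$f"
            problems=$((problems + 1))
        fi
    done
    if [ "$problems" -gt 0 ]; then return 1; fi

    key_mode=$(file_mode "$dir/userkey.pem")
    cert_mode=$(file_mode "$dir/usercert.pem")

    # Private key: any group/other bit exposes it to other local accounts
    # (assumption: nothing beyond owner access is acceptable).
    if [ $(( 0$key_mode & 077 )) -ne 0 ]; then
        echo "UNSAFE userkey.pem mode $key_mode; fix: chmod 400 $dir/userkey.pem"
        problems=$((problems + 1))
    fi
    # Certificate is public, but nobody except the owner may rewrite it.
    if [ $(( 0$cert_mode & 022 )) -ne 0 ]; then
        echo "UNSAFE usercert.pem mode $cert_mode; fix: chmod 644 $dir/usercert.pem"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Run the audit only when a directory is given, e.g.: sh check.sh "$HOME/.globus"
if [ "$#" -gt 0 ]; then
    check_globus "$1"
fi
```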



Authentication and Authorization

  • INSPECTING PERSONAL CERTIFICATE

    • Look inside your certificate

      grid-cert-info

    • Important information

      • Creation and expiration date

      • Name and subject of the CA

      • Common Name (CN) of the certificate owner

      • Certificate subject



Authentication and Authorization

  • Creation of a proxy with VOMS extensions

    • This step is comparable to a login on the grid.

      voms-proxy-init --voms gilda



Authentication and Authorization

  • CHECK YOUR VOMS PROXY

    • To get info about your proxy

      voms-proxy-info -all

    • It shows two different lifetimes:

      • The first is the lifetime of the proxy itself

      • The second refers to the attribute certificate (AC) information added by the VOMS server.

    • Important: your proxy has a lifetime of 12 hours
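
An added example (not from the original presentation) that reads the two lifetimes out of `voms-proxy-info -all` output and takes the smaller one as the time the proxy remains usable for VO authorization. The sample report is constructed with placeholder names, the function names are hypothetical, and a single VO extension is assumed.

```shell
#!/bin/sh
# Constructed sample of a `voms-proxy-info -all` report (placeholder identities).
sample_output() {
cat <<'EOF'
subject   : /C=XX/O=EXAMPLE/CN=Example User/CN=proxy
issuer    : /C=XX/O=EXAMPLE/CN=Example User
identity  : /C=XX/O=EXAMPLE/CN=Example User
type      : proxy
strength  : 1024 bits
path      : /tmp/x509up_u1000
timeleft  : 11:59:40
=== VO gilda extension information ===
VO        : gilda
subject   : /C=XX/O=EXAMPLE/CN=Example User
issuer    : /C=XX/O=EXAMPLE/CN=voms.example.org
attribute : /gilda/Role=NULL/Capability=NULL
timeleft  : 00:20:05
uri       : voms.example.org:15001
EOF
}

# lifetimes: read the report on stdin, print "<proxy_seconds> <ac_seconds>".
# The first timeleft line is the proxy, the second the VOMS AC (0 if absent).
lifetimes() {
    awk '
        /^timeleft/ {
            split($NF, t, ":")
            secs[++count] = t[1] * 3600 + t[2] * 60 + t[3]
        }
        END { print secs[1] + 0, secs[2] + 0 }
    '
}

# usable_seconds: VO authorization needs both to be valid, so the effective
# lifetime is the smaller value; a proxy without an AC therefore yields 0.
usable_seconds() {
    lifetimes | awk '{ m = ($1 < $2) ? $1 : $2; print m }'
}

# needs_renewal MIN_SECONDS: succeed when the effective lifetime is below it.
needs_renewal() {
    left=$(usable_seconds)
    [ "$left" -lt "$1" ]
}

# On a UI: voms-proxy-info -all | needs_renewal 3600 && voms-proxy-init --voms gilda
```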



MyProxyUse

  • Register a long-lived proxy in the MyProxy server (grid001.ct.infn.it)

    • Allows you to create and store a long-term proxy certificate

      myproxy-init --voms gilda

    • The -s option allows you to specify the name of the MyProxy server you want to contact

      myproxy-init --voms gilda -s grid001.ct.infn.it



MyProxyUse

  • Register a long-lived proxy in the MyProxy server (grid001.ct.infn.it)

    • The -d option allows you to create and store a long-term proxy with your DN.

      myproxy-init --voms gilda -s grid001.ct.infn.it -d

    • Without this option, the stored proxy is named after the user's account on the local machine



MyProxyUse

  • Register a long-lived proxy in the MyProxy server (grid001.ct.infn.it)

    • The -l option allows you to create and store a long-term proxy with a name specified by the user

      myproxy-init --voms gilda -s grid001.ct.infn.it -l GILDA_TUTOR

    • Each user can create and store several proxies in a MyProxy server, but each remote proxy is linked to the specified username



MyProxyUse

  • Gather information about the proxy in the MyProxy server

    • You can query the MyProxy server for information about your proxy

      myproxy-info -s grid001.ct.infn.it

    • If the credentials have been initialized with the -d switch, you also have to specify it when using myproxy-info

      myproxy-info -s grid001.ct.infn.it -d



MyProxyUse

  • Gather information about the proxy in the MyProxy server

    • If the credentials have been initialized with the -l switch, you also have to specify it when using myproxy-info

      myproxy-info -s grid001.ct.infn.it -l GILDA_TUTOR

    • Note the differences in the username of each proxy



MyProxyUse

  • Gather information about the proxy in the MyProxy server

    • If there is no local proxy in your UI, it is not possible to authenticate to the MyProxy server

    • In this case you need to get a delegated proxy from the MyProxy server or create a local proxy with

      voms-proxy-init



MyProxyUse

  • Get a delegated proxy from the MyProxy server

    • It allows you to get a proxy from the MyProxy server

    • Destroy the proxy on the local machine and verify that it doesn't exist anymore

      voms-proxy-destroy

      voms-proxy-info

      couldn't find a valid proxy



MyProxyUse

  • Get a delegated proxy from the MyProxy server

    • Now in your UI (virtual or real), there is no local proxy.

    • To get a proxy from the MyProxy server

      myproxy-get-delegation -s grid001.ct.infn.it



MyProxyUse

  • Get a delegated proxy from the MyProxy server

    • With the -d option

      myproxy-get-delegation -s grid001.ct.infn.it -d

    • Verify now that the user has a local proxy

      voms-proxy-info



MyProxyUse

  • Destroy remote proxy

    • You can destroy your remote proxy

      myproxy-destroy -s grid001.ct.infn.it

    • Check your remote proxy

      myproxy-info -s grid001.ct.infn.it



MyProxyUse

  • Destroy remote proxy

    • Destroy your remote proxy with -d

      myproxy-destroy -s grid001.ct.infn.it -d

    • Check your remote proxy with -d

      myproxy-info -s grid001.ct.infn.it -d



MyProxyUse

  • Destroy remote proxy

    • Destroy your remote proxy with -l

      myproxy-destroy -s grid001.ct.infn.it -l GILDA_TUTOR

    • Check your remote proxy with -l

      myproxy-info -s grid001.ct.infn.it -l GILDA_TUTOR

