Hands-on security

Angelines Alberto Morillas

Ciemat


How to access the UI

  • SERVER: glite-tutor.ct.infn.it
  • glite-tutor2.ct.infn.it
  • USERNAME: sevillaXX
  • PASSWORD: GridSEVXX
  • PASSPHRASE: SEVILLA
  • where XX = 01…30
Authentication and Authorization
  • INSPECTING PERSONAL CERTIFICATE
    • .globus: your personal certificate, two separate files (public and private keys)
    • You need them for the authenticated connections with all the other elements.
    • Check the permissions (you won't be able to create a proxy if they are wrong)

ls -l .globus

-rw-r--r-- usercert.pem

-r-------- userkey.pem
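
The permission check above can be scripted. This is an added example, not part of the original slides; `check_globus_perms` is a hypothetical helper name and the script assumes GNU `stat`. It flags a private key that group or others can access and a certificate that anyone but the owner can write.

```shell
#!/bin/sh
# Added example: verify the modes shown in the listing above.
# Assumes GNU stat (stat -c '%a'); check_globus_perms is a hypothetical name.

check_globus_perms() {
    dir=${1:-$HOME/.globus}
    rc=0
    for f in usercert.pem userkey.pem; do
        if [ ! -f "$dir/$f" ]; then
            echo "MISSING  $dir/$f"
            rc=2
        fi
    done
    [ "$rc" -eq 0 ] || return "$rc"

    key_mode=$(stat -c '%a' "$dir/userkey.pem")
    cert_mode=$(stat -c '%a' "$dir/usercert.pem")

    # Private key: any group/other bit means other accounts could use it.
    if [ $(( 0$key_mode & 077 )) -ne 0 ]; then
        echo "BAD      userkey.pem is $key_mode; fix with: chmod 400 $dir/userkey.pem"
        rc=1
    else
        echo "OK       userkey.pem is $key_mode"
    fi

    # Certificate: public data, but only the owner should be able to replace it.
    if [ $(( 0$cert_mode & 022 )) -ne 0 ]; then
        echo "BAD      usercert.pem is $cert_mode; fix with: chmod 644 $dir/usercert.pem"
        rc=1
    else
        echo "OK       usercert.pem is $cert_mode"
    fi
    return "$rc"
}

# Demo on a constructed directory (empty placeholder files, not real credentials).
demo=$(mktemp -d)
: > "$demo/usercert.pem"; : > "$demo/userkey.pem"
chmod 644 "$demo/usercert.pem"; chmod 644 "$demo/userkey.pem"
check_globus_perms "$demo" || echo "-> wrong permissions: proxy creation will fail"
chmod 400 "$demo/userkey.pem"
check_globus_perms "$demo" && echo "-> permissions match the listing"
rm -rf "$demo"
```

On the UI, run `check_globus_perms` with no argument to inspect `$HOME/.globus`.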

Authentication and Authorization
  • INSPECTING PERSONAL CERTIFICATE
    • Look inside your certificate

grid-cert-info

    • Important information
      • Creation and expiration date
      • Name and subject of the CA
      • Common Name (CN) of the certificate owner
      • Certificate subject
Authentication and Authorization
  • Creation of a proxy with voms extensions
    • This step is comparable to a login on the grid.

voms-proxy-init --voms gilda

Authentication and Authorization
  • CHECK YOUR VOMS PROXY
    • To get info about your proxy

voms-proxy-info -all

    • It shows two different lifetimes:
      • The first is the lifetime of the proxy itself
      • The second is the lifetime of the attribute certificate (AC) information added by the VOMS server.
    • Important: your proxy has a lifetime of 12 hours
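
To read the two lifetimes programmatically, the sketch below parses `voms-proxy-info -all` text and reports both values in seconds. It is an added example, not part of the original slides; the function names are hypothetical and the sample output is constructed (subjects, host names and times are placeholders).

```shell
#!/bin/sh
# Added example: extract both lifetimes from `voms-proxy-info -all` output.
# proxy_lifetimes, proxy_usable_for and sample_output are hypothetical names.

# Reads the command output on stdin and prints "<proxy_seconds> <ac_seconds>".
# The "timeleft" line before the "=== VO ... ===" header is the proxy's own
# lifetime; the one after it belongs to the VOMS attribute certificate.
proxy_lifetimes() {
    awk '
        /^=== VO .* extension information ===/ { in_ac = 1 }
        $1 == "timeleft" {
            split($NF, t, ":")
            secs = t[1] * 3600 + t[2] * 60 + t[3]
            if (in_ac) ac = secs; else proxy = secs
        }
        END { printf "%d %d\n", proxy, ac }
    '
}

# Returns 0 only if BOTH lifetimes exceed the given number of seconds.
proxy_usable_for() {
    min=$1
    set -- $(proxy_lifetimes)
    [ "$1" -gt "$min" ] && [ "$2" -gt "$min" ]
}

# Constructed sample output (placeholder subjects and hosts, made-up times).
sample_output() {
cat <<'EOF'
subject   : /C=IT/O=EXAMPLE/OU=Personal Certificate/CN=Example User/CN=proxy
issuer    : /C=IT/O=EXAMPLE/OU=Personal Certificate/CN=Example User
type      : proxy
strength  : 1024 bits
path      : /tmp/x509up_u1000
timeleft  : 11:59:40
=== VO gilda extension information ===
VO        : gilda
subject   : /C=IT/O=EXAMPLE/OU=Personal Certificate/CN=Example User
issuer    : /C=IT/O=EXAMPLE/OU=Host/CN=voms.example.org
attribute : /gilda/Role=NULL/Capability=NULL
timeleft  : 05:30:00
EOF
}

set -- $(sample_output | proxy_lifetimes)
echo "proxy: $1 s, VOMS AC: $2 s"
# On the UI: voms-proxy-info -all | proxy_usable_for 3600 || voms-proxy-init --voms gilda
```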
MyProxy Use
  • Register a long-lived proxy in the MyProxy server (grid001.ct.infn.it)
    • Allows you to create and store a long-term proxy certificate

myproxy-init --voms gilda

    • The -s option allows you to specify the name of the MyProxy server you want to contact

myproxy-init --voms gilda -s grid001.ct.infn.it

MyProxy Use
  • Register a long-lived proxy in the MyProxy server (grid001.ct.infn.it)
    • The -d option allows you to create and store a long-term proxy with your DN.

myproxy-init --voms gilda -s grid001.ct.infn.it -d

    • Without this option, the name of the stored proxy is the same as the username on the local machine
MyProxy Use
  • Register a long-lived proxy in the MyProxy server (grid001.ct.infn.it)
    • The -l option allows you to create and store a long-term proxy with a name specified by the user

myproxy-init --voms gilda -s grid001.ct.infn.it -l GILDA_TUTOR

    • Each user can create and store several proxies in a MyProxy server, but each remote proxy is linked to the specified username
MyProxy Use
  • Gather information about the proxy in the MyProxy server
    • You can query the MyProxy server for information about your proxy

myproxy-info -s grid001.ct.infn.it

    • If the credentials have been initialized with the -d switch, you also have to specify it when using myproxy-info

myproxy-info -s grid001.ct.infn.it -d

MyProxy Use
  • Gather information about the proxy in the MyProxy server
    • If the credentials have been initialized with the -l switch, you also have to specify it when using myproxy-info

myproxy-info -s grid001.ct.infn.it -l GILDA_TUTOR

    • Note the differences in the username of each proxy
MyProxy Use
  • Gather information about the proxy in the MyProxy server
    • If there is no local proxy in your UI, it is not possible to authenticate to the MyProxy server
    • In this case you need to get a delegated proxy from the MyProxy server or create a local proxy with

voms-proxy-init

MyProxy Use
  • Get a delegated proxy from the MyProxy server
    • It allows you to get a proxy from the MyProxy server
    • Destroy the proxy on the local machine and verify that it doesn't exist anymore

voms-proxy-destroy

voms-proxy-info

couldn't find a valid proxy

MyProxy Use
  • Get a delegated proxy from the MyProxy server
    • Now in your UI (virtual or real), there is no local proxy.
    • To get a proxy from the MyProxy server

myproxy-get-delegation -s grid001.ct.infn.it

MyProxy Use
  • Get a delegated proxy from the MyProxy server
    • With the -d option

myproxy-get-delegation -s grid001.ct.infn.it -d

    • Verify now that the user has a local proxy

voms-proxy-info

MyProxy Use
  • Destroy remote proxy
    • You can destroy your remote proxy

myproxy-destroy -s grid001.ct.infn.it

    • Check your remote proxy

myproxy-info -s grid001.ct.infn.it

MyProxy Use
  • Destroy remote proxy
    • Destroy your remote proxy with -d

myproxy-destroy -s grid001.ct.infn.it -d

    • Check your remote proxy with -d

myproxy-info -s grid001.ct.infn.it -d

MyProxy Use
  • Destroy remote proxy
    • Destroy your remote proxy with -l

myproxy-destroy -s grid001.ct.infn.it -l GILDA_TUTOR

    • Check your remote proxy with -l

myproxy-info -s grid001.ct.infn.it -l GILDA_TUTOR