sysadmin
@
extreme.indiana.edu


Home
Machines
CSG
    Support
    Packages
Lab
    User's Guide
    Sysadmin's Guide
    Packages
Projects
    Portal
    LEAD
    Grid Info

Extreme Lab Grid -- MyProxy

MyProxy Server

Getting Started

The MyProxy [grid.ncsa.uiuc.edu] server is a repository for storing and managing a user's Grid credentials. Users can store a temporary proxy or even their full credentials into MyProxy and then conveniently access that user's proxy certificate from various places on the Grid, using either command line client tools or a portal interface. Our main MyProxy server is on rainier.extreme.indiana.edu, using the default port (7512).

To get started using MyProxy, you'll need to log into rainier. The command line MyProxy utilities are installed here (and should soon be installed on most all Extreme lab machines). You'll need to set the GLOBUS_LOCATION environment variable to /usr/local/globus. For bash users, this would be like so: export GLOBUS_LOCATION=/usr/local/globus. Then you initialize your globus environment by doing this: source $GLOBUS_LOCATION/etc/globus-user-env.sh. For tcsh users, this would be source $GLOBUS_LOCATION/etc/globus-user-env.csh. You will now have the MyProxy command line utilities in your command path.

Getting a Proxy Certificate from MyProxy CA

The MyProxy server on rainier is configured to act a a Certificate Authority (CA) and can grant certificates from the Extreme Lab CA. To retrieve a proxy certificate this way, run myproxy-logon -s rainier.extreme.indiana.edu. You will be prompted for a password and you should enter your rainier password to authenticate.

Storing a Proxy Certificate in MyProxy

To store a proxy certificate into the MyProxy server, enter the following command: myproxy-init -s rainier.extreme.indiana.edu. This will prompt you for your Grid credential passphrase (so that it can generate a proxy certificate), and then it will prompt you twice to provide a password for protecting this proxy in the server.

You'll then be able to retrieve a proxy from the MyProxy service using myproxy-logon -s rainier.extreme.indiana.edu. You'll be prompted for the password you provided in the previous step (NOT your Grid credential passphrase).

Tip: To avoid typing -s rainier.extreme.indiana.edu each time you execute a MyProxy command, you can set the MYPROXY_SERVER environment variable to rainier.extreme.indiana.edu in your shell's dotfile (e.g., .bashrc or .cshrc).

Storing a Grid Certificate in MyProxy

Additionally (and preferably), you can store your original credentials in the MyProxy server. To do this you first need to create a grid proxy, so execute grid-proxy-init. Then you need to issue the command myproxy-store -s rainier.extreme.indiana.edu. This will immediately store your user certificate and key in the MyProxy server.

You'll then be able to retrieve a proxy from the MyProxy service using myproxy-logon -s rainier.extreme.indiana.edu. You'll be prompted for your Grid credential passphrase.

Retrieving your Certificate from MyProxy

If you've stored your user certificate in MyProxy using myproxy-store, then you can retrieve it by issuing the command myproxy-retrieve -s rainier.extreme.indiana.edu. You'll be prompted for the passphrase on your private key as an authentication measure. The certificate and key will be put into the default location (which you can change with the -c and -y arguments; see the myproxy-retrieve man page for more info).

Other commands

Other useful MyProxy commands include:

  • myproxy-info - find information on a stored proxy or user certificate (requires that you have a grid proxy already).
  • myproxy-destroy - destroy a stored proxy or user certificate (requires that you have a grid proxy already).
  • myproxy-change-passphrase - change the passphrase for a stored proxy or user certificate (requires that you have a grid proxy already).

Last updated 31 Mar 2006 by machrist@cs.indiana.edu