On Dec 3, 2007, at 11:37 PM, Wilson Jr. wrote:
I'm still a little lost with GSI, but I'm needing to use security
and I'm having no success.
First, a doubt:
I have a simpleCa for a cluster in college, and a usercert there.
I have a simpleCa in my own pc at home, and a usercert here.
I did a service and deployed at college, and I'm trying to run the
client at home, but without success.
How does the college machine trust my home SimpleCA?
You add your home SimpleCA's public certificate to /etc/grid-security/
certificates on your college machine. See the quickstart section
about setting up security on a second machine: http://www.globus.org/
toolkit/docs/4.0/admin/docbook/quickstart.html#q-security2
The fact is that I'm getting this error above, 'cause like the
container is running from the globus user, it looks his certificates,
How Do I put to use the certs from my first user: user01, that is
running MyService?
Have your service use the delegation service (http://www.globus.org/
toolkit/docs/4.0/security/delegation/developer-index.html).
The flow is:
1) user01 calls the delegation service using globus-credential-delegate
2) user01 calls MyService, giving it the EPR of the delegated
credential
3) MyService calls the delegation service to run as the user's
delegated credential
4) MyService calls ogsa-dai as the user
Charles
