Users to get access to a grid service/resource use their certificates to
authenticate themselves. A subject (distinguish name) of a user
certificate is a part of the certificate saying about the identity of
the user. Users on a computer systems are identified by their usernames.
The file /etc/grid-security/grid-mapfile is used to map user
certificates (DNs - Distinguish Names) to user names (accounts) on a
machine with a grid service. If you want to use your certificate to get
access to a chosen user account on a remote machine with a grid service
you have to add the following mapping
"DN_from_your_certificate" a_user_name_you_want_to_use_on_the_remote_machine
to /etc/grid-security/grid-mapfile on the remote machine. To do that you
can use a text editor and edit grid-mapfile or accordingly to the
documentation
http://www.globus.org/toolkit/docs/5.0/5.0.2/admin/install/#gtadmin-basic-gridmap,
you can use the command grid-mapfile-add-entry.
Lukasz
On 1/25/11 7:18 AM, kasim saeed wrote:
Hi
I don`t have words to appreciate the help you have provided so far, I
need little help more. Now that the certificate has been signed. When
I gave the following command ,
**|vim /etc/grid-security/grid-mapfile|**
it opens the editor and I really don`t know what to do after that,
Because in the quick guide (
_*http://www.globus.org/toolkit/docs/4.0/admin/docbook/quickstart.html#q-vo*_
) nothing is given about that, in fact it says do the following command
*|cat /etc/grid-security/grid-mapfile|*
after that.
*||*
Please Help.
Regards
Kaasim Saeed.
On Sun, Jan 23, 2011 at 5:22 PM, Lukasz Lacinski
<[email protected] <mailto:[email protected]>> wrote:
On 1/23/11 3:03 AM, kasim saeed wrote:
**|Thanks .
|**I gave the following commands for grid-cert-request,
**|
export GLOBUS_LOCATION=/usr/local/globus
|*||*|source $GLOBUS_LOCATION/etc/globus-user-env.csh|*
||*|grid-cert-request|**
They ran sucessfully , the only difference is that i ran
****|source $GLOBUS_LOCATION/etc/globus-user-env.sh|****
instead of .*csh*,
if I gave this command with *.csh* then it says,
bash: /usr/local/globus//etc/globus-user-env.csh: line 167:
syntax error: unexpected end of file
The documentation
http://www.globus.org/toolkit/docs/5.0/5.0.2/admin/install/#gtadmin-basic-environment
says which script should be used when? .csh if you use C shell,
.sh if you use sh (Bourne shell) or bash (Bourne again shell).
so i ran with sh. I assume this should have requested grid-cert.
You can check it. According to the documentation
http://www.globus.org/toolkit/docs/5.0/5.0.2/admin/install/#gtadmin-simpleca-usercert
a request should be in $HOME/.globus/usercert_request.pem.
Lukasz
On Sun, Jan 23, 2011 at 1:27 PM, Lukasz Lacinski
<[email protected] <mailto:[email protected]>> wrote:
There is not the file request.pem you want to sign. That's
why you get the error. You need to generate a certificate
request (a user certificate request, I guess) using the
command grid-cert-request as a normal user who wants a
certificate. The copy the request
$HOME/.globus/usercert_request.pem to a different directory
accessible by an owner of your Globus Certifcate Authority
(globus or root). Then use 'grid-ca-sign' to sign the request
pointing it out (the option -in) where it has been copied to.
http://www.globus.org/toolkit/docs/5.0/5.0.2/admin/install/#gtadmin-simpleca-usercert
Lukasz
On 1/23/11 2:14 AM, kasim saeed wrote:
Thanks for your help.Following is the output of _*ls -l*_
command.
*
total 55396
drwxr-xr-x 3 globus globus 4096 2011-01-23 00:44 BUILD
-rw-r--r-- 1 globus globus 360 2011-01-23 00:44 build.log
-rw-r--r-- 1 globus globus 179 2011-01-22 21:51
examples.desktop
drwxr-xr-x 6 globus globus 4096 2011-01-22 22:01
gt5.0.2-all-source-installer
-rwxr-xr-x 1 root root 56704884 2011-01-22 21:54
gt5.0.2-all-source-installer.tar.bz2
-rw-r--r-- 1 globus globus 2670 2011-01-23 00:51
hostsigned.pem*
Regards
Kaasim Saeed.
On Sun, Jan 23, 2011 at 12:28 PM, Lukasz Lacinski
<[email protected] <mailto:[email protected]>> wrote:
Hi Kaasim,
There is only one place in GT 5 (grid-ca-sign) where the
output can be generated:
if test ! -r ${INPUT_REQ_FILE}; then
echo ""
echo "ERROR: The file: ${INPUT_REQ_FILE} is
not readable"
echo ""
exit 1
fi
Please, can you show output from the command ls -l,
after you run the command
# grid-ca-sign -in request.pem -out signed.pem
Lukasz
On 1/22/11 2:15 PM, kasim saeed wrote:
Hi all
I am new to Globus and installing it for academic
purposes.
I am following globus 4.0 quick start (
_*http://www.globus.org/toolkit/docs/4.0/admin/docbook/quickstart.html#q-vo
*_)
GT version: GT 5
OS : Ubuntu 10.04
Everything goes fine until i gave the following command
_*|grid-ca-sign -in request.pem -out signed.pem|*_
_ERROR: The file: request.pem is not readable_
I have checked all the permissions, they are rite,
further i tried to run this command as root, but still
the same error.
Please Help.
Regards
Kaasim Saeed.
