The preferred method for obtaining Proxy Certificates is to use the MyProxy server at NCSA, described here. This is an alternative to that method.
Getting the Grid Certificate: Once a Year
First, you must create the Grid Certificate, with which may be used to create proxy certificates, and is valid for a year.
userjd@local:~> ssh userjd@tg-login.ncsa.teragrid.org [...] userjd@ncsa:~> ncsa-cert-request To continue, please enter the NCSA Kerberos password for userjd: For increased security, your NCSA default password is also needed. To continue, please enter the NCSA default password for userjd: [...] Please enter your private key encryption passphrase: Verifying private key passphrase, please reenter passphrase:
Your "NCSA default password" is as it appears on the password sheet you received when first receiving a TeraGrid account—this also had your initial Portal password. When you set your "private key encryption passphrase," note that it must be at least 12 characters.
You should now have a .globus folder with your grid certificate. You need to put this on the machine you wish to log in from, Kraken in this instance.
userjd@ncsa:~> scp -r \ ~/.globus userjd@kraken-gsi.nics.teragrid.org:~/.globusCreating the Proxy Certificate: Every Time
Now log in to the machine with your grid certificate. Make sure the Globus tools are in the path, and enter the following:
userjd@some:~> grid-proxy-init Your identity: [...] Enter GRID pass phrase for this identity: Creating proxy ............................. Done Your proxy is valid until: [...]
Enter the 12+ character passphrase you chose when creating the cert, and you should be good to connect to TeraGrid sites without further passwords for the duration of the proxy.
Managing Certificates
Proxy certificates are usually valid for 12 hours. If you finish early, it is a good practice to remove the proxy certificate using grid-proxy-destroy. To check a proxy certificate, use grid-proxy-info, or to check a grid certificate, use grid-cert-info. In general, myproxy-* commands communicate with the myproxy server, grid-proxy-* commands deal with your proxy certificate, and grid-cert-* commands deal with your local grid certificate (when using the MyProxy method, you do not need a grid certificate).
