The Globus toolkit has a number of utilities that can be used to move files and access remote machines. These methods rely on two point authentication, much like SSH keys.
Getting the certificates
GSI Authentication uses "Proxy Certificates" to allow access to various resources. You must use a password to obtain the proxy certificate, after which, you may authenticate without a password for the duration of the proxy certificate (by default, 12 hours). The preferred method for obtaining a proxy certificate is to request one from NCSA's myproxy server, we will outline that process here. Another method is to obtain a grid certificate, which may be used to create a proxy certificate directly, see Grid Certificate Method.
Using the MyProxy Server
First, make sure the Globus toolkit is in your path (to check, try which myproxy-init). On Kraken, you must load the Globus module:
userjd@kraken:~> module load globus
Other sites may have it loaded by default, or by a different mechanism. Now you can get a proxy certificate from the main myproxy server:
userjd@kraken:~> myproxy-logon [-l TG_Portal_Username] Enter MyProxy pass phrase: [your-TG-password] A credential has been received for user userjd in /tmp/x509up_u000.
From here you can log on to other resources where you have accounts. For example:
userjd@kraken:~>gsissh keenelandgsi.nics.utk.edu
By default, myproxy-logon uses your current username. You must specify your XSEDE Portal username if it is different. For your pass phrase, enter your XSEDE Portal password. This credential is only valid for 12 hours by default, though this may be changed (within limits) with the -t flag.
Managing Certificates
Proxy certificates are usually valid for 12 hours. If you finish early, it is a good practice to remove the proxy certificate using grid-proxy-destroy. To check a proxy certificate, use grid-proxy-info, or to check a grid certificate, use grid-cert-info. In general, myproxy-* commands communicate with the myproxy server, grid-proxy-* commands deal with your proxy certificate, and grid-cert-* commands deal with your local grid certificate (when using the MyProxy method, you do not need a grid certificate).
Using the Globus Utilities
- GSISSH: A tool built on
sshto allow GSI authentication and single-sign-on. - GridFTP: A protocol for very fast file transfers. Use
globus-url-copy(likescp) oruberftp(likesftp) to transfer files using GridFTP.
Problems
There is a small chance that your username may not be enabled to use Grid authentication. Please contact us at help@xsede.org to get this checked and corrected. If you wish to check yourself, you can use the following command:
% grep your_username /etc/grid-security/grid-mapfile
