Permalink
Browse files

cleanup of cloud client encrypted-key situation

  • Loading branch information...
1 parent 85642a5 commit a45a751d71eb3cd3920f899dc5cae638feafab57 @timf timf committed Jul 30, 2010
@@ -40,8 +40,8 @@ The search path the cloud client uses is as follows:
B. proxy
If a normal proxy is present in the /tmp directory and is still valid, that
- is used. This lets the cloud work with all existing certs, tooling, MyProxy,
- etc.
+ is used. This lets the cloud work with all existing certs, tooling,
+ MyProxy, etc.
C. ~/.nimbus/
@@ -55,12 +55,20 @@ The search path the cloud client uses is as follows:
-If you want to go the proxy credential route (for example, you have a 'grid'
-certificate), and do not have a proxy credential in place, you can use an embedded
-program to run grid-proxy-init like so:
+If you want to go the proxy credential route (for example, you have an
+encrypted certificate), and do not have a proxy credential in place, you
+can use an embedded program to run grid-proxy-init like so:
$ ./bin/grid-proxy-init.sh
+Note that grid-proxy-init does NOT follow the same search path as the cloud
+client does when the cloud client is looking for unencrypted keys. Instead,
+it only looks for "~/.globus/usercert.pem" and "~/.globus/userkey.pem".
+
+You can specify the paths exactly though:
+
+ $ ./bin/grid-proxy-init.sh -cert /tmp/usercert.pem -key /tmp/userkey.pem
+
Issues? Try our mailing list and/or run:
$ ./bin/grid-proxy-init.sh -help
@@ -6,7 +6,11 @@ BASEDIR=`cd $BASEDIR_REL; pwd`
EMBEDDED_GL="$BASEDIR/lib/globus"
EMBEDDED_CADIR="$BASEDIR/lib/certs"
-X509_CERT_DIR="$EMBEDDED_CADIR"
+if [ -n "$NIMBUS_X509_TRUSTED_CERTS" ]; then
+ X509_CERT_DIR="$NIMBUS_X509_TRUSTED_CERTS"
+else
+ X509_CERT_DIR="$EMBEDDED_CADIR"
+fi
export X509_CERT_DIR
OLD_GLOBUS_LOCATION=""

0 comments on commit a45a751

Please sign in to comment.