cleanup of cloud client encrypted-key situation, take #2

commit f8a5fc2a48c972523187cb2f96d3450e7cbd6e98 1 parent a45a751
@timf timf authored
Showing with 24 additions and 14 deletions.
  1. +24 −14 cloud-client/nimbus-cloud-client-src/README.txt
38 cloud-client/nimbus-cloud-client-src/README.txt
@@ -43,6 +43,10 @@ The search path the cloud client uses is as follows:
is used. This lets the cloud work with all existing certs, tooling,
MyProxy, etc.
+ Note: if you are using an encrypted key, such as the ones typically
+ provided by grid computing certificate authorities, you will need to
+ generate the proxy mentioned in this step. See the section below.
+
C. ~/.nimbus/
If ~/.nimbus/usercert.pem and ~/.nimbus/userkey.pem are present and the key
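Review bot: The added note ends with "See the section below" without naming the section, and at least two headed sections follow in this diff ("Encrypted Keys and Proxy Credentials" and "Configuring The Cloud"). Name the heading this commit introduces, for example "See 'Encrypted Keys and Proxy Credentials' below", so the pointer stays unambiguous if the file is reordered again.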
@@ -51,21 +55,36 @@ The search path the cloud client uses is as follows:
D. ~/.globus/
- Same as #3 but with ~/.globus
+ Same as #3 but with ~/.globus. The key still needs to be unencrypted.
+
+
+2. Test the security setup.
+
+ $ ./bin/cloud-client.sh --security
+
+3. If you already have a credential and have not given your DN to the cloud
+ administrators, do so sending the distinguished name printed after 'Identity'
+
+
+Encrypted Keys and Proxy Credentials
+------------------------------------
+You might need to go the proxy credential route. For example, you were given
+an encrypted certificate, this is typically found in grid computing.
-If you want to go the proxy credential route (for example, you have an
-encrypted certificate), and do not have a proxy credential in place, you
+If you do not have a proxy credential in place using some other tool (at for
+example "/tmp/x509up_u1000" where "1000" is your unix account ID number), you
can use an embedded program to run grid-proxy-init like so:
$ ./bin/grid-proxy-init.sh
-Note that grid-proxy-init does NOT follow the same search path as the cloud
+Note that grid-proxy-init does not follow the same search path as the cloud
client does when the cloud client is looking for unencrypted keys. Instead,
it only looks for "~/.globus/usercert.pem" and "~/.globus/userkey.pem".
-You can specify the paths exactly though:
+But you can specify the paths exactly if that is not where you keep the cert
+and encrypted key:
$ ./bin/grid-proxy-init.sh -cert /tmp/usercert.pem -key /tmp/userkey.pem
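Review bot: In the rewritten entry D, "Same as #3 but with ~/.globus" points at "#3", but the search-path entries here are lettered (C., D.) and this hunk now places a numbered step 3 (sending the DN to the administrators) directly underneath, so "#3" reads as a reference to that step. Change it to "Same as C". Since the new sentence stresses that the key must be unencrypted, this is also the place to say that userkey.pem should be readable only by its owner. Two wording fixes in the added lines: "(at for example" should be "(for example at", and the step 3 sentence should read "do so by sending the distinguished name printed after 'Identity'." with a closing period.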
@@ -79,15 +98,6 @@ the "lib/certs" directory of the cloud client but you can override like so:
$ export NIMBUS_X509_TRUSTED_CERTS="/path/to/certificates_directory"
-2. Test the security setup.
-
- $ ./bin/cloud-client.sh --security
-
-
-3. If you already have a credential and have not given your DN to the cloud
- administrators, do so sending the distinguished name printed after 'Identity'
-
-
Configuring The Cloud
---------------------
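Review bot: Removing steps 2 and 3 from this position means "Test the security setup" now appears before the text on grid-proxy-init.sh and before the NIMBUS_X509_TRUSTED_CERTS override, so a reader working top to bottom with an encrypted key reaches the --security test before reading how to create the proxy or point at a different certificates directory. Either keep the test step after these sections, or add a line to the relocated step 2 telling encrypted-key users to complete "Encrypted Keys and Proxy Credentials" first.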