1 # Testing MyProxy with Moonshot support
4 # apt-get install libglobus-gss-assist-dev grid-packaging-tools
6 ## Build the MyProxy server and client
7 $ wget http://downloads.sourceforge.net/project/cilogon/myproxy/myproxy-5.4.tar.gz
8 $ tar xzf myproxy-5.4.tar.gz && cd myproxy-5.4
9 $ /usr/share/globus/globus-bootstrap.sh
10 $ ./configure --with-flavor=gcc32pthr --with-sasl2=/usr --sbindir=/usr/sbin
13 ## Configure the server
14 # mkdir /etc/myproxy; cd /etc/myproxy
15 # umask 277 && openssl req -new -keyout cakey.pem -x509 -days 3650 -out cacert.pem -nodes -subj '/DC=org/DC=project-moonshot/CN=Moonshot CA' -extensions v3_ca
16 # cat > myproxy.conf <<EOF
17 authorized_retrievers "*"
20 certificate_issuer_cert /etc/myproxy/cacert.pem
21 certificate_issuer_key /etc/myproxy/cakey.pem
22 certificate_serialfile /var/lib/myproxy/serial
23 certificate_mapfile /etc/myproxy/grid-mapfile
25 # echo '"/DC=org/DC=project-moonshot/CN=steve@local" steve@local' > grid-mapfile
26 # mkdir -p /var/lib/myproxy && echo 00 > /var/lib/myproxy/serial
27 # (cd /etc/ssl/private && cp ssl-cert-snakeoil.key ssl-cert-snakeoil-myproxy.key && chmod 600 ssl-cert-snakeoil-myproxy.key)
28 # export X509_CERT_DIR=/etc/ssl/certs
29 # export X509_USER_CERT=/etc/ssl/certs/ssl-cert-snakeoil.pem
30 # export X509_USER_KEY=/etc/ssl/private/ssl-cert-snakeoil-myproxy.key
31 # export SASL_PATH=/usr/local/lib/sasl2
32 # ./myproxy-server -c /etc/myproxy/myproxy.conf
34 ## Try obtaining a certificate for steve
35 $ export SASL_PATH=/usr/local/lib/sasl2
36 $ export X509_CERT_DIR=/etc/ssl/certs
37 $ ./myproxy-logon -s localhost -n -l steve@local -o /tmp/creds.pem
39 The client will prompt for the steve's password and finishes saying
41 'A credential has been received for user steve@local in /tmp/cred.pem.'
42 You can check the obtained credentials with
44 $ openssl x509 -in /tmp/cred.pem -noout -text |less
projects / devwiki.git / blob