projects / devwiki.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
(no commit message)
[devwiki.git] / testing / myproxy.mdwn
diff --git a/testing/myproxy.mdwn b/testing/myproxy.mdwn
index 4d0b91a..e365172 100644 (file)
--- a/testing/myproxy.mdwn
+++ b/testing/myproxy.mdwn
@@ -1,23 +1,44 @@
 # Testing MyProxy with Moonshot support
 
 ## Prerequsities
-    # apt-get install libglobus-gss-assist-dev
+    # apt-get install libglobus-gss-assist-dev grid-packaging-tools
 
 ## Build the MyProxy server and client
-    $ wget http://downloads.sourceforge.net/project/cilogon/myproxy/myproxy-5.3.tar.gz
-    $ tar xzf myproxy-5.3.tar.gz
-    $ cd myproxy-5.3
-    $ patch
+    $ wget http://downloads.sourceforge.net/project/cilogon/myproxy/myproxy-5.4.tar.gz
+    $ tar xzf myproxy-5.4.tar.gz && cd myproxy-5.4
     $ /usr/share/globus/globus-bootstrap.sh
     $ ./configure --with-flavor=gcc32pthr --with-sasl2=/usr --sbindir=/usr/sbin
     $ make
 
 ## Configure the server
-    # ./myproxy-server -c .....
-
+    # mkdir /etc/myproxy; cd /etc/myproxy
+    # umask 277 && openssl req -new -keyout cakey.pem -x509 -days 3650 -out cacert.pem -nodes -subj '/DC=org/DC=project-moonshot/CN=Moonshot CA' -extensions v3_ca
+    # cat > myproxy.conf <<EOF
+    authorized_retrievers "*"
+    sasl "required"
+    sasl_mech EAP-AES128
+    certificate_issuer_cert /etc/myproxy/cacert.pem
+    certificate_issuer_key /etc/myproxy/cakey.pem
+    certificate_serialfile /var/lib/myproxy/serial
+    certificate_mapfile /etc/myproxy/grid-mapfile
+    EOF
+    # echo '"/DC=org/DC=project-moonshot/CN=steve@local" steve@local' > grid-mapfile
+    # mkdir -p /var/lib/myproxy && echo 00 > /var/lib/myproxy/serial
+    # (cd /etc/ssl/private && cp ssl-cert-snakeoil.key ssl-cert-snakeoil-myproxy.key && chmod 600 ssl-cert-snakeoil-myproxy.key)
+    # export X509_CERT_DIR=/etc/ssl/certs
+    # export X509_USER_CERT=/etc/ssl/certs/ssl-cert-snakeoil.pem
+    # export X509_USER_KEY=/etc/ssl/private/ssl-cert-snakeoil-myproxy.key
+    # export SASL_PATH=/usr/local/lib/sasl2
+    # ./myproxy-server -c /etc/myproxy/myproxy.conf
 ## Try obtaining a certificate for steve
     $ export SASL_PATH=/usr/local/lib/sasl2
     $ export X509_CERT_DIR=/etc/ssl/certs
-    $ ./myproxy-logon -s localhost -n -l steve@local
+    $ ./myproxy-logon -s localhost -n -l steve@local -o /tmp/creds.pem
+
+The client will prompt for the steve's password and finishes saying
+
+    'A credential has been received for user steve@local in /tmp/cred.pem.'
+You can check the obtained credentials with
 
-The PKI credentials will be in ....
+    $ openssl x509 -in /tmp/cred.pem -noout -text |less
Unnamed repository; edit this file 'description' to name the repository.