# Testing MyProxy with Moonshot support
## Prerequsities
- # apt-get install libglobus-gss-assist-dev
+ # apt-get install libglobus-gss-assist-dev grid-packaging-tools
## Build the MyProxy server and client
- $ wget http://downloads.sourceforge.net/project/cilogon/myproxy/myproxy-5.3.tar.gz
- $ tar xzf myproxy-5.3.tar.gz
- $ cd myproxy-5.3
- $ patch
+ $ wget http://downloads.sourceforge.net/project/cilogon/myproxy/myproxy-5.4.tar.gz
+ $ tar xzf myproxy-5.4.tar.gz && cd myproxy-5.4
$ /usr/share/globus/globus-bootstrap.sh
$ ./configure --with-flavor=gcc32pthr --with-sasl2=/usr --sbindir=/usr/sbin
$ make
## Configure the server
- # ./myproxy-server -c .....
-
+ # mkdir /etc/myproxy; cd /etc/myproxy
+ # umask 277 && openssl req -new -keyout cakey.pem -x509 -days 3650 -out cacert.pem -nodes -subj '/DC=org/DC=project-moonshot/CN=Moonshot CA' -extensions v3_ca
+ # cat > myproxy.conf <<EOF
+ authorized_retrievers "*"
+ sasl "required"
+ sasl_mech EAP-AES128
+ certificate_issuer_cert /etc/myproxy/cacert.pem
+ certificate_issuer_key /etc/myproxy/cakey.pem
+ certificate_serialfile /var/lib/myproxy/serial
+ certificate_mapfile /etc/myproxy/grid-mapfile
+ EOF
+ # echo '"/DC=org/DC=project-moonshot/CN=steve@local" steve@local' > grid-mapfile
+ # mkdir -p /var/lib/myproxy && echo 00 > /var/lib/myproxy/serial
+ # (cd /etc/ssl/private && cp ssl-cert-snakeoil.key ssl-cert-snakeoil-myproxy.key && chmod 600 ssl-cert-snakeoil-myproxy.key)
+ # export X509_CERT_DIR=/etc/ssl/certs
+ # export X509_USER_CERT=/etc/ssl/certs/ssl-cert-snakeoil.pem
+ # export X509_USER_KEY=/etc/ssl/private/ssl-cert-snakeoil-myproxy.key
+ # export SASL_PATH=/usr/local/lib/sasl2
+ # ./myproxy-server -c /etc/myproxy/myproxy.conf
+
## Try obtaining a certificate for steve
$ export SASL_PATH=/usr/local/lib/sasl2
$ export X509_CERT_DIR=/etc/ssl/certs
- $ ./myproxy-logon -s localhost -n -l steve@local
+ $ ./myproxy-logon -s localhost -n -l steve@local -o /tmp/creds.pem
+
+The client will prompt for the steve's password and finishes saying
+
+ 'A credential has been received for user steve@local in /tmp/cred.pem.'
+You can check the obtained credentials with
-The PKI credentials will be in ....
+ $ openssl x509 -in /tmp/cred.pem -noout -text |less