$ make
## Configure the server
- # mkdir /etc/myproxy
- # ./myproxy-server -c .....
-
+ # mkdir /etc/myproxy; cd /etc/myproxy
+ # umask 277 && openssl req -new -keyout cakey.pem -x509 -days 3650 -out cacert.pem -nodes -subj '/DC=org/DC=project-moonshot/CN=Moonshot CA' -extensions v3_ca
+ # cat > myproxy.conf <<EOF
+ authorized_retrievers "*"
+ sasl "required"
+ sasl_mech EAP-AES128
+ certificate_issuer_cert /etc/myproxy/cacert.pem
+ certificate_issuer_key /etc/myproxy/cakey.pem
+ certificate_serialfile /var/lib/myproxy/serial
+ certificate_mapfile /etc/myproxy/grid-mapfile
+ EOF
+ # echo '"/DC=org/DC=project-moonshot/CN=steve@local" steve@local' > grid-mapfile
+ # mkdir -p /var/lib/myproxy && echo 00 > /var/lib/myproxy/serial
+ # (cd /etc/ssl/private && cp ssl-cert-snakeoil.key ssl-cert-snakeoil-myproxy.key && chmod 600 ssl-cert-snakeoil-myproxy.key)
+ # export X509_CERT_DIR=/etc/ssl/certs
+ # export X509_USER_CERT=/etc/ssl/certs/ssl-cert-snakeoil.pem
+ # export X509_USER_KEY=/etc/ssl/private/ssl-cert-snakeoil-myproxy.key
+ # export SASL_PATH=/usr/local/lib/sasl2
+ # ./myproxy-server -c /etc/myproxy/myproxy.conf
+
## Try obtaining a certificate for steve
$ export SASL_PATH=/usr/local/lib/sasl2
$ export X509_CERT_DIR=/etc/ssl/certs
projects / devwiki.git / commitdiff