...
Download the file.
No Format |
---|
$ wget http://security.fnal.gov/krb5.conf
|
Set the environment variable KRB5_CONFIG to point to the Fermilab configuration file.
No Format |
---|
$ export KRB5_CONFIG=`pwd`/krb5.conf
|
...
Initialize the Kerberos session.
No Format |
---|
$ kinit -f USERNAME@FNAL.GOV |
Connect to detsim using ssh
No Format |
---|
$ ssh USERNAME@detsim.fnal.gov |
You may need to use ssh_config for the SSH configuration file.
No Format |
---|
$ ssh -F ssh_config USERNAME@detsim.fnal.gov |
...
- Export your Open Science Grid certificate from your browser.
Use the scp utility to copy the certificate to your detsim account, then ssh into detsim to perform the rest of these steps.
No Format $ scp /path/to/<YourCert>.p12 USERNAME@detsim.fnal.gov:~/ $ ssh USERNAME@detsim.fnal.gov
Convert the certificate using the openssl command as shown (use your actual .p12 certificate filename with no angle brackets; use the output name usercert.pem as shown). (You may have to create the $HOME/.globus directory)
No Format $ openssl pkcs12 -in <YourCert>.p12 -clcerts -nokeys -out $HOME/.globus/usercert.pem
To get the encrypted private key (again use your actual .pl2 certificate filename; use the output name userkey.pem as shown):
No Format $ openssl pkcs12 -in <YourCert>.p12 -nocerts -out $HOME/.globus/userkey.pem
You must set the mode on your userkey.pem file to read/write only by the owner, otherwise grid-proxy-init will not use it
No Format $ chmod go-rw $HOME/.globus/userkey.pem
...