• About
• News
• License
• Download
• Installation
• Documentation
• Reference
• Support
• Security
• Privacy
• Troubleshooting
• Bugs: 1 2
• Sources
• Publications
• Presentations
• MyProxyLogon
• OAuth
• NCSA Server
• TeraGrid
• Protocol
• Anniversary

MyProxy > Docs > User's Guide > Single Sign-on on TeraGrid

What follows are instructions for using MyProxy and GSISSH for single sign-on to TeraGrid systems from a Unix/Linux/OSX system. Windows users should try GSI-SSHTerm instead. The TeraGrid MyProxy server is configured to allow all TeraGrid users to obtain certificates using their TeraGrid Portal username and password. NCSA users can alternatively use the NCSA MyProxy server with their NCSA Kerberos username and password. This is an example of how the MyProxy CA can be integrated with an existing authentication service (in this case, the TERAGRID.ORG/NCSA.EDU Kerberos domains) for certificate issuance.

Contents

• Install MyProxy and GSISSH
• Obtain your certificate from MyProxy
• Login via GSISSH
• Troubleshooting

Install MyProxy and GSISSH

First, check to see if you already have myproxy-logon and gsissh installed.

If the above command returns output, like this:

then you can proceed to the next step. Otherwise, you need to install the needed commands as follows.

First, download and unpack a Globus Toolkit installer for your system from http://www.globus.org/toolkit/downloads/. Use a binary installer if one is available for your system. Otherwise, a source installer is required.

Then, install MyProxy and GSISSH.

Finally, set your environment. For C shells, do the following:

For Bourne shells, do the following:

Add these environment setting commands to your .cshrc, .login, .bashrc, or .profile file in your home directory so you don't need to run them again later.

Obtain your certificate from MyProxy

Now you should be ready to obtain your certificate from the TeraGrid MyProxy server by running the command below. This command will also update your environment with additional CA certificates and certificate revocation lists for TeraGrid. (Remove the -T option if you don't want the CA files updated.) Enter your TeraGrid Portal username in place of username, and enter your TeraGrid Portal password when prompted for your MyProxy pass phrase.

Alternatively, to use your NCSA Kerberos password, use myproxy.ncsa.uiuc.edu instead.

By default, your certificate from MyProxy is valid for 12 hours, so you can run myproxy-logon once each day. If you need a longer-lived certificate (for example, if you are submitting a long-running job), you can request a certificate valid for up to 11 days (264 hours) by adding the -t option, as in the following example.

Login via GSISSH

Now you can login to any TeraGrid systems where you have an account using the gsissh command.

You can also copy files to/from TeraGrid systems using gsiscp and gsisftp.

Troubleshooting

TeraGrid users can find additional information at http://www.teragrid.org/userinfo/. You can also consult the MyProxy Troubleshooting and GSISSH Troubleshooting pages.

The myproxy-logon -T command will keep your certificate revocation list files up-to-date for increased security. If you switch to some other method of managing your certificates, these files may become out-of-date, causing authentication problems. If this occurs, you can remove them with the following command.

If the myproxy-logon command fails with a "GSS" error, there may be a problem with your existing credentials. Try again after removing your existing proxy credential with the following command.

Last modified 10/21/10.
©2000-2019 Board of Trustees of the University of Illinois.