1 / 8

Troubleshooting Grid authentication from the client side

Troubleshooting Grid authentication from the client side. By Adriaan van der Zee Big Grid meeting 2008-01-19. Contents. Introducing myself The project X.509 certificates, proxies and delegation Possible authentication problems Involved Grid components Problem identification tool.

morse
Download Presentation

Troubleshooting Grid authentication from the client side

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Troubleshooting Grid authentication from the client side By Adriaan van der Zee Big Grid meeting 2008-01-19

  2. Contents • Introducing myself • The project • X.509 certificates, proxies and delegation • Possible authentication problems • Involved Grid components • Problem identification tool

  3. About me • 2004-2008: bachelor Information Technology(INHOLLAND Diemen) • Currently: one-year master System and Network Engineering(UvA Amsterdam) • First of two four-week research projects

  4. The Project To what extent can authentication failures in the Grid be identified and resolved from the client side? • What are the possible causes of GSI authentication failures? • Which Grid components are involved in GSI authentication for standard job submission and execution? • How can a client determine which systems are probable causes of authentication failure for a job? • Is it possible for a client to test authentication by contacting such systems directly?

  5. X.509 certificates, proxies and delegation • Proxy certificates are used for single sign-on and delegation • Not protected with a passphrase, but short-lived • Single sign-on: user can submit multiple jobs without re-entering passphrase • Delegation: a job can be sent further into the Grid on the user’s behalf • A MyProxy service can be used by a Grid component to renew a proxy

  6. Possible authentication problems • Proxy or host certificate has expired • Certificate Revocation List (CRL) out of date • Unknown CA • VOMS attribute certificates missing • Failure to map user to a local account

  7. Involved Grid components • UI • VOMS • MyProxy • WMS • CE

  8. Problem identification tool • A command line tool for the UI • Used when (suspected) authentication failures are experienced • To identify the cause and system responsible for the authentication failure • Should aid problem resolution

More Related