80 likes | 172 Views
Troubleshooting Grid authentication from the client side. By Adriaan van der Zee Big Grid meeting 2008-01-19. Contents. Introducing myself The project X.509 certificates, proxies and delegation Possible authentication problems Involved Grid components Problem identification tool.
E N D
Troubleshooting Grid authentication from the client side By Adriaan van der Zee Big Grid meeting 2008-01-19
Contents • Introducing myself • The project • X.509 certificates, proxies and delegation • Possible authentication problems • Involved Grid components • Problem identification tool
About me • 2004-2008: bachelor Information Technology(INHOLLAND Diemen) • Currently: one-year master System and Network Engineering(UvA Amsterdam) • First of two four-week research projects
The Project To what extent can authentication failures in the Grid be identified and resolved from the client side? • What are the possible causes of GSI authentication failures? • Which Grid components are involved in GSI authentication for standard job submission and execution? • How can a client determine which systems are probable causes of authentication failure for a job? • Is it possible for a client to test authentication by contacting such systems directly?
X.509 certificates, proxies and delegation • Proxy certificates are used for single sign-on and delegation • Not protected with a passphrase, but short-lived • Single sign-on: user can submit multiple jobs without re-entering passphrase • Delegation: a job can be sent further into the Grid on the user’s behalf • A MyProxy service can be used by a Grid component to renew a proxy
Possible authentication problems • Proxy or host certificate has expired • Certificate Revocation List (CRL) out of date • Unknown CA • VOMS attribute certificates missing • Failure to map user to a local account
Involved Grid components • UI • VOMS • MyProxy • WMS • CE
Problem identification tool • A command line tool for the UI • Used when (suspected) authentication failures are experienced • To identify the cause and system responsible for the authentication failure • Should aid problem resolution