Difference between revisions of "Using an Aladdin eToken PRO to generate grid proxies"
From PDP/Grid Wiki
Jump to navigationJump to search| Line 1: | Line 1: | ||
=Using an Aladdin eToken PRO to generate grid proxies= | =Using an Aladdin eToken PRO to generate grid proxies= | ||
| − | Once your grid certificate and private key are safely stored on your eToken, you can generate grid proxies directly from the eToken. A shell script ( [[Media:Mkproxy|mkproxy script]] ) was written for this purpose. | + | Once your grid certificate and private key are safely stored on your eToken, you can generate grid proxies directly from the eToken. |
| − | * Windows (using cygwin) | + | |
| − | * CentOS 4 | + | A shell script ( [[Media:Mkproxy|mkproxy script]] ) was written for this purpose. This script requires quite a few special programs and libraries , most of which can be downloaded [[Media:Mkproxy.tar.gz|here]] . Due to licensing restrictions we cannot supply the eToken libraries in this tarball, these need to be downloaded from Aladdin. You can find the required software on the web: |
| − | * Fedora Core 5 | + | * Windows: http://www.aladdin.ru/bitrix/redirect.php?event1=download&goto=/upload/iblock/2c0/RTE_3.65.zip |
| + | * Linux: http://www.aladdin.ru/bitrix/redirect.php?event1=download&goto=/upload/iblock/179/eToken_PKI_Client_for_Linux_v3_65.rar | ||
| + | * MacOS: http://www.aladdin.ru/bitrix/redirect.php?event1=download&goto=/upload/iblock/973/PKI_3_65_Mac.zip | ||
| + | |||
| + | Please read the instructions on [[eToken]] to install the eToken RTE software before attempting to use this script. | ||
| + | |||
| + | The script has been tested on | ||
| + | * Windows XP (using cygwin) | ||
| + | * Linux CentOS 4 (rhel4) | ||
| + | * Linux Fedora Core 5 (fc5) | ||
| + | In the near future we hope to test it on MacOS X as well | ||
| + | |||
| + | <b>Note</b> It does <b>NOT</b> work on Windows using the MingW/MSys shell. | ||
| + | |||
| + | |||
| + | ==mkproxy script usage== | ||
| + | |||
| + | To see the help page for using the [[Media:Mkproxy|mkproxy script]] , type | ||
| + | ./mkproxy --help | ||
| + | Which will return | ||
| + | mkproxy version 1.00 | ||
| + | This script will generate a X509 grid proxy using a public/private | ||
| + | key pair found on an attached Aladdin eToken PRO. | ||
| + | |||
| + | Options | ||
| + | [--help] Displays usage. | ||
| + | [--version] Displays version. | ||
| + | [--debug] Enables extra debug output. | ||
| + | [--quiet] Quiet mode, minimal output. | ||
| + | [--old] Creates a legacy globus proxy. | ||
| + | [--rfc] Creates a RFC 3820 compliant proxy. | ||
| + | [--days=N] Number of days the proxy is valid (default=1). | ||
| + | [--path-length=N] Allow a chain of at most N proxies to be generated | ||
| + | from this one (default=2). | ||
| + | [--bits=N] Number of bits in key (512, 1024, 2048, default=512). | ||
| + | [--out=proxyfile] Non-standard location of new proxy cert. | ||
| + | |||
| + | [--slot=N] Slot number where eToken is located (default=0). | ||
| + | [--label=string] (Part of) label of X509 certificate on eToken. | ||
| + | [--id=string] (Part of) ID of X509 certificate on eToken. | ||
| + | [--platform=rhel4|fc5|cygwin|guess] | ||
| + | Overrule the system platform. | ||
Revision as of 16:27, 19 April 2007
Using an Aladdin eToken PRO to generate grid proxies
Once your grid certificate and private key are safely stored on your eToken, you can generate grid proxies directly from the eToken.
A shell script ( mkproxy script ) was written for this purpose. This script requires quite a few special programs and libraries , most of which can be downloaded here . Due to licensing restrictions we cannot supply the eToken libraries in this tarball, these need to be downloaded from Aladdin. You can find the required software on the web:
- Windows: http://www.aladdin.ru/bitrix/redirect.php?event1=download&goto=/upload/iblock/2c0/RTE_3.65.zip
- Linux: http://www.aladdin.ru/bitrix/redirect.php?event1=download&goto=/upload/iblock/179/eToken_PKI_Client_for_Linux_v3_65.rar
- MacOS: http://www.aladdin.ru/bitrix/redirect.php?event1=download&goto=/upload/iblock/973/PKI_3_65_Mac.zip
Please read the instructions on eToken to install the eToken RTE software before attempting to use this script.
The script has been tested on
- Windows XP (using cygwin)
- Linux CentOS 4 (rhel4)
- Linux Fedora Core 5 (fc5)
In the near future we hope to test it on MacOS X as well
Note It does NOT work on Windows using the MingW/MSys shell.
mkproxy script usage
To see the help page for using the mkproxy script , type
./mkproxy --help
Which will return
mkproxy version 1.00
This script will generate a X509 grid proxy using a public/private
key pair found on an attached Aladdin eToken PRO.
Options
[--help] Displays usage.
[--version] Displays version.
[--debug] Enables extra debug output.
[--quiet] Quiet mode, minimal output.
[--old] Creates a legacy globus proxy.
[--rfc] Creates a RFC 3820 compliant proxy.
[--days=N] Number of days the proxy is valid (default=1).
[--path-length=N] Allow a chain of at most N proxies to be generated
from this one (default=2).
[--bits=N] Number of bits in key (512, 1024, 2048, default=512).
[--out=proxyfile] Non-standard location of new proxy cert.
[--slot=N] Slot number where eToken is located (default=0).
[--label=string] (Part of) label of X509 certificate on eToken.
[--id=string] (Part of) ID of X509 certificate on eToken.
[--platform=rhel4|fc5|cygwin|guess]
Overrule the system platform.
