On Dec 4, 2007 12:51 PM, Charles Bacon <[EMAIL PROTECTED]> wrote: > On Dec 3, 2007, at 11:37 PM, Wilson Jr. wrote: > > > I'm still a little lost with GSI, but I'm needing to use security > > and I'm having no success. > > > > First, a doubt: > > I have a simpleCa for a cluster in college, and a usercert there. > > I have a simpleCa in my own pc at home, and a usercert here. > > I did a service and deployed at college, and I'm trying to run the > > client at home, but without success. > > > > How does the college machine trust my home SimpleCA? > > You add your home SimpleCA's public certificate to /etc/grid-security/ > certificates on your college machine. See the quickstart section > about setting up security on a second machine: http://www.globus.org/ > toolkit/docs/4.0/admin/docbook/quickstart.html#q-security2 >
Ok Charles, just to be sure, these are the sequence I have to do? *gpt-build ....* *gpt-postinstall* But like I have two SimpleCa, and already have installed a simpleCa, I do a setup-gsi without the -default? *setup-gsi* > > > The fact is that I'm getting this error above, 'cause like the > > container is running from the globus user, it looks his certificates, > > How Do I put to use the certs from my first user: user01, that is > > running MyService? > > Have your service use the delegation service (http://www.globus.org/ > toolkit/docs/4.0/security/delegation/developer-index.html). > > The flow is: > 1) user01 calls the delegation service using globus-credential-delegate > 2) user01 calls MyService, giving it the EPR of the delegated > credential > 3) MyService calls the delegation service to run as the user's > delegated credential > 4) MyService calls ogsa-dai as the user Ok, can I use only SecureConversation with delegation? Puts in my service security descriptor, Secure Conversation, with both Privacy and Integrity , and delegation. For me I'ts better 'cause DeliverToFtp, needs secureConversation with delegation. How do I use on the calling to Ogsa-dai to reuse the credentials delegated by the user in Java? > > > > Charles > Thank you. -- "É este um mundo no qual devemos esconder nossas virtudes?" Willian Shakespeare **************** Wilson Júnior ****************
