Re: [gt-user] Enforce data Encryption on grid-ftp
What...? Brock, you'll be giving a Globus World (http://www.globusworld.org/) talk which is this April 16 - 18? That's great! I'll be sure to register (http://www.globusworld.org/register.php) now and make my plans to attend! Thanks so much for letting me know! On Feb 13, 2013, at Feb 13, 2:16 PM, Brock Palen wrote: > Don't have them exactly yet, but wait for my Globus World talk ;-) > > Brock Palen > www.umich.edu/~brockp > CAEN Advanced Computing > bro...@umich.edu > (734)936-1985 > > > > On Feb 13, 2013, at 2:59 PM, Raj Kettimuthu wrote: > >> On Feb 13, 2013, at 1:33 PM, Brock Palen wrote: >> >>> I think so. GO would be our main client anyway. >>> >>> Is there a way for force it from GO? >> >> Currently, there is no way for users (as endpoint owners) to set this. I >> have put in a Jira item for this. If you send me the endpoints that you want >> to force encryption, we can set this for you. >> >> Raj >> >>> >>> Brock Palen >>> www.umich.edu/~brockp >>> CAEN Advanced Computing >>> bro...@umich.edu >>> (734)936-1985 >>> >>> >>> >>> On Feb 13, 2013, at 2:28 PM, Raj Kettimuthu wrote: >>> Hi Brock, GridFTP server does not provide an option to enforce encryption for all transfers. But here is what we can do: 1. Use '-allow-from' option in the server to ensure that users can access this server only from Globus Online 2. Make sure that Globus Online always enables encryption for transfers to and from this endpoint Will this work for your use case? Raj On Feb 13, 2013, at 12:18 PM, Brock Palen wrote: > Is there a way to require encryption when talking to a grid-ftp server? > We have a case where data are sensitive and the requirement users are > that they never be transmitted in the clear. > > We would rather not leave setting encryption to every user request. > > Thanks! > > Brock Palen > www.umich.edu/~brockp > CAEN Advanced Computing > bro...@umich.edu > (734)936-1985 > > > >>> >> >
Re: [gt-user] Enforce data Encryption on grid-ftp
Don't have them exactly yet, but wait for my Globus World talk ;-) Brock Palen www.umich.edu/~brockp CAEN Advanced Computing bro...@umich.edu (734)936-1985 On Feb 13, 2013, at 2:59 PM, Raj Kettimuthu wrote: > On Feb 13, 2013, at 1:33 PM, Brock Palen wrote: > >> I think so. GO would be our main client anyway. >> >> Is there a way for force it from GO? > > Currently, there is no way for users (as endpoint owners) to set this. I have > put in a Jira item for this. If you send me the endpoints that you want to > force encryption, we can set this for you. > > Raj > >> >> Brock Palen >> www.umich.edu/~brockp >> CAEN Advanced Computing >> bro...@umich.edu >> (734)936-1985 >> >> >> >> On Feb 13, 2013, at 2:28 PM, Raj Kettimuthu wrote: >> >>> Hi Brock, >>> GridFTP server does not provide an option to enforce encryption for all >>> transfers. But here is what we can do: >>> 1. Use '-allow-from' option in the server to ensure that users can access >>> this server only from Globus Online >>> 2. Make sure that Globus Online always enables encryption for transfers to >>> and from this endpoint >>> >>> Will this work for your use case? >>> >>> Raj >>> >>> On Feb 13, 2013, at 12:18 PM, Brock Palen wrote: >>> Is there a way to require encryption when talking to a grid-ftp server? We have a case where data are sensitive and the requirement users are that they never be transmitted in the clear. We would rather not leave setting encryption to every user request. Thanks! Brock Palen www.umich.edu/~brockp CAEN Advanced Computing bro...@umich.edu (734)936-1985 >>> >> >
Re: [gt-user] Enforce data Encryption on grid-ftp
On Feb 13, 2013, at 1:33 PM, Brock Palen wrote: > I think so. GO would be our main client anyway. > > Is there a way for force it from GO? Currently, there is no way for users (as endpoint owners) to set this. I have put in a Jira item for this. If you send me the endpoints that you want to force encryption, we can set this for you. Raj > > Brock Palen > www.umich.edu/~brockp > CAEN Advanced Computing > bro...@umich.edu > (734)936-1985 > > > > On Feb 13, 2013, at 2:28 PM, Raj Kettimuthu wrote: > >> Hi Brock, >> GridFTP server does not provide an option to enforce encryption for all >> transfers. But here is what we can do: >> 1. Use '-allow-from' option in the server to ensure that users can access >> this server only from Globus Online >> 2. Make sure that Globus Online always enables encryption for transfers to >> and from this endpoint >> >> Will this work for your use case? >> >> Raj >> >> On Feb 13, 2013, at 12:18 PM, Brock Palen wrote: >> >>> Is there a way to require encryption when talking to a grid-ftp server? We >>> have a case where data are sensitive and the requirement users are that >>> they never be transmitted in the clear. >>> >>> We would rather not leave setting encryption to every user request. >>> >>> Thanks! >>> >>> Brock Palen >>> www.umich.edu/~brockp >>> CAEN Advanced Computing >>> bro...@umich.edu >>> (734)936-1985 >>> >>> >>> >> >
Re: [gt-user] Enforce data Encryption on grid-ftp
I think so. GO would be our main client anyway. Is there a way for force it from GO? Brock Palen www.umich.edu/~brockp CAEN Advanced Computing bro...@umich.edu (734)936-1985 On Feb 13, 2013, at 2:28 PM, Raj Kettimuthu wrote: > Hi Brock, > GridFTP server does not provide an option to enforce encryption for all > transfers. But here is what we can do: > 1. Use '-allow-from' option in the server to ensure that users can access > this server only from Globus Online > 2. Make sure that Globus Online always enables encryption for transfers to > and from this endpoint > > Will this work for your use case? > > Raj > > On Feb 13, 2013, at 12:18 PM, Brock Palen wrote: > >> Is there a way to require encryption when talking to a grid-ftp server? We >> have a case where data are sensitive and the requirement users are that they >> never be transmitted in the clear. >> >> We would rather not leave setting encryption to every user request. >> >> Thanks! >> >> Brock Palen >> www.umich.edu/~brockp >> CAEN Advanced Computing >> bro...@umich.edu >> (734)936-1985 >> >> >> >
Re: [gt-user] Enforce data Encryption on grid-ftp
Hi Brock, GridFTP server does not provide an option to enforce encryption for all transfers. But here is what we can do: 1. Use '-allow-from' option in the server to ensure that users can access this server only from Globus Online 2. Make sure that Globus Online always enables encryption for transfers to and from this endpoint Will this work for your use case? Raj On Feb 13, 2013, at 12:18 PM, Brock Palen wrote: > Is there a way to require encryption when talking to a grid-ftp server? We > have a case where data are sensitive and the requirement users are that they > never be transmitted in the clear. > > We would rather not leave setting encryption to every user request. > > Thanks! > > Brock Palen > www.umich.edu/~brockp > CAEN Advanced Computing > bro...@umich.edu > (734)936-1985 > > >
[gt-user] Globus Toolkit 5.2.4
The GT development team is pleased to make a new stable release of the Globus Toolkit available for download. This release is primarily to add beta support for "Sharing" for use with Globus Online Download links: http://www.globus.org/toolkit/downloads/5.2.4/ Quickstart and detailed installation instructions: http://www.globus.org/toolkit/docs/5.2/5.2.4/admin/ If you've already installed the 5.2 stable repository package, you can get the new packages via an apt or yum update without installing a new repo. Highlights of this release include: - GridFTP + Add beta support for "Sharing" for use with Globus Online (https://www.globusonline.org/). + Added ability for clients to authenticate without delegating. + Added support for client to force using IPv6 via an environment variable + Improved reliability, logging, and fixed memory leaks Also supported with native RPM or Debian Packages: - CentOS 4, 5, 6; - Fedora 16, 17; - RHEL 5, 6; - Scientific Linux 5, 6; - Debian 6, 7 (testing); - Ubuntu 10.04, 11.10, 12.04, 12.10; The toolkit is also tested on the following platforms: Solaris 11, MacOS 10.8 (Mountain Lion)
[gt-user] Enforce data Encryption on grid-ftp
Is there a way to require encryption when talking to a grid-ftp server? We have a case where data are sensitive and the requirement users are that they never be transmitted in the clear. We would rather not leave setting encryption to every user request. Thanks! Brock Palen www.umich.edu/~brockp CAEN Advanced Computing bro...@umich.edu (734)936-1985
Re: [gt-user] Issue with grid-default-ca
Dear Markus You're right! I have to run the globus-update-certificate-dir on the host with openssl 1.0, and correct it "automaticaly". I could after choice the good hash one as a defaut CA. Thank's a lot! Regards On 12/02/2013 19:35, Markus Binsteiner wrote: Hi, not sure whether you are hitting this, but there version of OpenSSL that globus 5 uses changed and that uses a different name hashing algorithm. There is a tool called globus-update-certificate-dir that should link the new hashes to the old files or vice versa, can't remember... Cheers, Markus On Tue, 2013-02-12 at 19:03 -0600, Jerome wrote: Dear all I notice a strange error during the definition of my default CA here. I've using a virtual machine as a SimpleCA, and generate a deb file to put it on other machines on my grid. In the first one, when i run the grid-default-ca, i use the hash of my simpleCA as this: # grid-default-ca -ca 0cf63ec0 setting the default CA to: /O=Grid/OU=GlobusTest/OU=simpleCA-simpleca.xxx.xxx.xxx/CN=Globus Simple CA The file: /etc/grid-security/certificates/grid-security.conf.3a8a9683 does not exist The CA: /O=Grid/OU=GlobusTest/OU=simpleCA-simpleca.ibt.unam.mx/CN=Globus Simple CA has not been setup correctly. So, why the command is serching a different hash (3a8a9683) that i choice? -- -- Jérôme Chaque coup de colère est un coup de vieux, chaque sourire est un coup de jeune. (Proverbe chinois)
