Wisdom Gsi Setup

Untar the attached file somewhere, then:
  1. chmod 644 /path/to/gsi_keys/hostcert.pem
  2. chmod 600 /path/to/gsi_keys/hostkey.pem /path/to/gsi_keys/hostproxycert

Now to setup the HTCondor daemons:

  1. in condor_config set GSI_DAEMON_DIRECTORY = /path/to/gsi_keys
  2. in condor_config set GRIDMAP = /path/to/gsi_keys/mapfiles/grid-mapfile
  3. in condor_config set SEC_DEFAULT_AUTHENTICATION = REQUIRED
  4. in condor_config set SEC_DEFAULT_AUTHENTICATION_METHODS = GSI
  5. For HTCondor 7.9.x and later in condor_config set GSI_SKIP_HOST_CHECK=true and that should do it on the HTCondor daemon side of things.

Optionally, edit /path/to/gsi_keys/mapfiles/grid-mapfile and replace USERNAME_HERE with your username. This is not necessary to get the daemons to start up, but needed for condor_submit.

On the client side, for simple testing without the need for grid-proxy-init and friends, you could just set the following environment variable for the tools to use:

   setenv X509_USER_PROXY /path/to/gsi_keys/hostproxycert

Attachments:

  • gsi_keys.tgz 4841 bytes added by zmiller on 2018-Apr-05 19:18:26 UTC.
    Files needed for simple HTCondor GSI security setup; includes self-signed certs. Useful for testing.
  • generate_gsi.tgz 4849 bytes added by zmiller on 2018-Apr-05 19:19:39 UTC.
    Scripts and configuration files needed to generate a self-signed CA cert and a set of GSI keys. See README inside.