On Mon, 15 Oct 2012, Christopher J. Walker wrote:
> Snoplus would like automated procedures for moving data around - that
> don't rely on an individual being around to renew the proxy every week.
>
> AIUI, robot certificates are the answer, and
> https://ca.cern.ch/ca/Help/?kbid=021003 would tend to agree.
>
> There seem to be two options for storing this key - either a hardware
> token, or a dedicated machine. Are there any hardware tokens that are
> recommended, or at least which people around here have experience with,
> and how much do they cost?
Hi,
We are looking into this for MICE, for the same reason - a cron job can
generate a new proxy at suitable intervals (until you pull the hardware
key out of the machine). As usual for MICE, our actual progress is
slow...
Jens pointed me to a dated wiki page describing how to do this at
https://wiki.nikhef.nl/grid/EToken
I believe the Aladdin eToken mentioned is sold in the UK by Safenet (who
couldn't be bothered with us) and Exlayer
http://www.exlayer.co.uk/system/sec_eToken.html
but there is a minimum order size of 5 and you have to buy a copy of the
SDK with each one - so it was the wrong side of 300 quid to get
started. I can send the contact details if needed.
Being stingy, we instead bought a couple of ePass 2003 tokens
http://www.gooze.eu/epass-2003
- these are supposed to work with OpenSC under Linux and hence be visible
from OpenSSL, but I've not had a chance to actually sit down and play with
the thing yet so no idea if it even works at all, let alone some existing
instructions on how to make a Grid proxy with them.
If this is something that more VOs are interested in and there's someone
with the time and skills to get things working, then I'd certainly be keen
to get some sort of group effort going...
Thanks
Henry
> Workflow:
>
> I guess the idea would be to have the certificate used to generate a
> proxy every hour or so - and then use that for data management (and job
> submission).
--
Dr. Henry Nebrensky [log in to unmask]
http://people.brunel.ac.uk/~eesrjjn
"The opossum is a very sophisticated animal.
It doesn't even get up until 5 or 6 p.m."
|