documents >
User's Manual >
GSI Authentication
GSI Authentication
English | Japanese
This document describes the settings required for GSI authentication
in Gfarm. For details, refer
to
GSI C Admin Guide.
Certificate Authority
The public key of trusted certificate authorities are stored at
/etc/grid-security/certificates as a form of HASH.0. A signing policy
file is also required.
Host certificate
For gfmd, a host certificate is required, which should be stored at
/etc/grid-security/host{cert,key}.pem by default. The location can be
changed by X509_USER_{CERT,KEY} environment variables.
Gfsd service certificate
For gfsd, a gfsd service certificate is required, which should be
stored at /etc/grid-security/gfsd/gfsd{cert,key}.pem by default. The
location can be changed by X509_USER_{CERT,KEY} environment variables.
The owner of this file should be _gfarmfs.
User certificate
For users, a user certificate is required, which should be stored at
$HOME/.globus/user{cert,key}.pem by default. The location can be
changed by X509_USER_{CERT,KEY} environment variables.
In GSI, a proxy certificate can be generated by grid-proxy-init or
proxy-cert-gen command. The default location is /tmp/x509up_u${UID}.
The location can be changed by X509_USER_PROXY environment variable.
SEE ALSO
gfarm2.conf(5)
Gfarm File System <gfarmfs at gmail.com>