- chmod 644 /path/to/gsi_keys/hostcert.pem
- chmod 600 /path/to/gsi_keys/hostkey.pem /path/to/gsi_keys/hostproxycert
Now to set up the HTCondor daemons:
- in condor_config set GSI_DAEMON_DIRECTORY = /path/to/gsi_keys
- in condor_config set GRIDMAP = /path/to/gsi_keys/mapfiles/grid-mapfile
- in condor_config set SEC_DEFAULT_AUTHENTICATION = REQUIRED
- in condor_config set SEC_DEFAULT_AUTHENTICATION_METHODS = GSI
- For HTCondor 7.9.x and later, in condor_config set GSI_SKIP_HOST_CHECK=true (this skips the check of the daemon's host name against the name in its certificate). That should do it on the HTCondor daemon side of things.
Optionally, edit /path/to/gsi_keys/mapfiles/grid-mapfile and replace USERNAME_HERE with your username. This is not necessary to get the daemons to start up, but it is needed for condor_submit.
On the client side, for simple testing without the need for grid-proxy-init and friends, you could just set the following environment variable for the tools to use:
setenv X509_USER_PROXY /path/to/gsi_keys/hostproxycert
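A check of the daemon-side steps above, added here as an example (it is not part of the original page or of HTCondor's tooling): it verifies the key file modes and reads the four settings from one condor_config file. The function names and the single-file assumption are this example's own.

```shell
#!/bin/sh
# Added example: audit the GSI test setup described above.
# Assumption: all four settings live in the one config file passed in.

# has_mode FILE MODE -> success if FILE is a regular file with exactly MODE.
has_mode() {
    [ -n "$(find "$1" -prune -type f -perm "$2" 2>/dev/null)" ]
}

# config_value FILE KNOB -> prints the last value assigned to KNOB.
# Knob names are matched case-insensitively; a later assignment wins.
config_value() {
    awk -v knob="$2" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (toupper(name) == toupper(knob)) last = val
        }
        END { print last }' "$1"
}

# check_knob CONFIG KNOB EXPECTED -> prints a finding and bumps $bad on mismatch.
check_knob() {
    got=$(config_value "$1" "$2")
    [ "$got" = "$3" ] || { echo "$2: expected '$3', found '$got'"; bad=$((bad + 1)); }
}

# audit_gsi KEYDIR CONFIG -> one line per finding; returns the number of findings.
audit_gsi() {
    dir=$1; cfg=$2; bad=0
    has_mode "$dir/hostcert.pem" 644 || { echo "hostcert.pem: expected mode 644"; bad=$((bad + 1)); }
    for f in hostkey.pem hostproxycert; do
        has_mode "$dir/$f" 600 || { echo "$f: expected mode 600"; bad=$((bad + 1)); }
    done
    check_knob "$cfg" GSI_DAEMON_DIRECTORY "$dir"
    check_knob "$cfg" GRIDMAP "$dir/mapfiles/grid-mapfile"
    check_knob "$cfg" SEC_DEFAULT_AUTHENTICATION REQUIRED
    check_knob "$cfg" SEC_DEFAULT_AUTHENTICATION_METHODS GSI
    return "$bad"
}

# Stand-alone use: sh audit_gsi.sh /path/to/gsi_keys /path/to/condor_config
if [ "$#" -eq 2 ]; then audit_gsi "$1" "$2"; fi
```

On a running host, `condor_config_val` reports the effective value of each setting across all configuration files, which this single-file reader does not.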
Attachments:
- gsi_keys.tgz 4841 bytes added by zmiller on 2018-Apr-05 19:18:26 UTC.
Files needed for simple HTCondor GSI security setup; includes self-signed certs. Useful for testing.
- generate_gsi.tgz 4849 bytes added by zmiller on 2018-Apr-05 19:19:39 UTC.
Scripts and configuration files needed to generate a self-signed CA cert and a set of GSI keys. See README inside.