- chmod 644 /path/to/gsi_keys/hostcert.pem
- chmod 600 /path/to/gsi_keys/hostkey.pem /path/to/gsi_keys/hostproxycert
Now to setup the HTCondor daemons:
- in condor_config set GSI_DAEMON_DIRECTORY = /path/to/gsi_keys
- in condor_config set GRIDMAP = /path/to/gsi_keys/mapfiles/grid-mapfile
- in condor_config set SEC_DEFAULT_AUTHENTICATION = REQUIRED
- in condor_config set SEC_DEFAULT_AUTHENTICATION_METHODS = GSI
- For HTCondor 7.9.x and later in condor_config set GSI_SKIP_HOST_CHECK=true and that should do it on the HTCondor daemon side of things.
with your username. This is not necessary to get the daemons to start up, but needed for condor_submit.
On the client side, for simple testing without the need for grid-proxy-init and friends, you could just set the following environment variable for the tools to use:
setenv X509_USER_PROXY /path/to/gsi_keys/hostproxycert
- gsi_keys.tgz 4841 bytes added by zmiller on 2018-Apr-05 19:18:26 UTC.
Files needed for simple HTCondor GSI security setup; includes self-signed certs. Useful for testing.
- generate_gsi.tgz 4849 bytes added by zmiller on 2018-Apr-05 19:19:39 UTC.
Scripts and configuration files needed to generate a self-signed CA cert and a set of GSI keys. See README inside.