Configuring Authentication

Now configure your installation of the VDT for authenticating with the correct authorities.  Globus's setup defaults are not sufficient.  Hence, run the following command:

$VDT_LOCATION/vdt/setup/setup-cert-request

There have been difficulties reported on 64-bit machines with this command.  The recommended version of the VDT is, of course, the 32-bit one (which can be installed on a 64-bit machine).

Check to make sure that the edg-crl-upgrade daemon is running:

ps aux | grep edg-crl-upgrade

If not, start it.  If the CRL list is not sufficiently recent, all globus authentication will fail.

/etc/init.d/edg-crl-upgraded start

At this point, make sure that your host certificate is installed on your computer.  If not, request it and install the resulting certificate into /etc/grid-security:

cd $VDT_LOCATION
. ./setup.sh
./globus/bin/grid-cert-request -host hostname.domain.tld

Follow the more precise instructions here.

A big part of getting authentication to work is having a site policy which decides who is allowed to send jobs to your cluster.  Currently, the best way to handle this is with a GUMS server.  Follow these directions to setup the server.  Once the GUMS server has been set up, copy the following files to your /etc/grid-security directory:

cp $VDT_LOCATION/post-install/gsi-authz.conf /etc/grid-security
cp $VDT_LOCATION/post-install/prima-authz.conf /etc/grid-security

Now globus should authenticate against your GUMS server.
If you are having troubles with prima not working with a SLC3/SLC4 install on a 64-bit machine, you may need to install a compatibility version of libcom (found in the "compat-libcom_err" on SLC4).