Changes between Version 1 and Version 2 of Howtos/ESGFDownloadScript
- Timestamp:
- 18/11/10 09:59:03 (10 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Howtos/ESGFDownloadScript
v1 v2 3 3 Secured services in the ESG Federation such as OPeNDAP support both OpenID and PKI based authentication. OpenID provides a convenient means for browser based access but for script based access an alternative PKI based solution is more suited. For this, a user obtains a short term authentication token which they can pass in their client programs or scripts to access secured services. The token is actually a key pair, a private key and associated X.509 certificate. The certificate typically last a few hours before it expires. Users obtain a certificate using a token service !MyProxy passing their usual username/password to obtain a certificate in response. Once obtained, it along with the private key can be used with programs like wget, to make secured calls to the service to obtain data. 4 4 5 == Obtaining Credentials from !MyProxy == 5 The steps shown below assume a Linux environment with `wget` installed. With some modification they should also work with Windows and Mac. 6 7 == 1) Obtaining Credentials from !MyProxy == 6 8 Two different client programs are described here: 7 1. Java MyProxyLogon Webstart application 8 1. Python MyProxyClient package 9 10 == !WGet Script == 9 1. Java [wiki:Howtos/ESGFDownloadScript#MyProxyLogonWebStart MyProxyLogon Webstart] application 10 1. Python [wiki:Howtos/ESGFDownloadScript#MyProxyClientPackage !MyProxyClient] package 11 11 12 12 They are alternative means of performing the same task of getting credentials. … … 18 18 }}} 19 19 A window should appear when the program is run. 20 * Enter your usual username/password in the Username and Passphrase textboxes respectively. 21 * For the `Hostname` field enter, `myproxy.ceda.ac.uk` for CEDAs MyProxy service. 22 * Alter the `Output` field to read, `<home directory>/.esg/credentials.pem` where <home directory> is your home directory path e.g. `/home/jbloggs` 23 * Click on the tickbox to select `Write trust roots` 24 * Click the `Logon` button 20 1. Enter your usual username/password in the Username and Passphrase textboxes respectively. 21 1. For the `Hostname` field enter, `myproxy.ceda.ac.uk` for CEDAs MyProxy service. 22 1. Alter the `Output` field to read, `<home directory>/.esg/credentials.pem` where <home directory> is your home directory path e.g. `/home/jbloggs` 23 1. Click on the tickbox to select `Write trust roots` 24 1. Click the `Logon` button 25 1. Copy CA files downloaded to the standard location for ESG: 26 {{{ 27 $ cp -r ~/.globus/certificates ~/.esg/ 28 }}} 25 29 26 30 == !MyProxyClient Package == … … 65 69 }}} 66 70 71 == 2) WGet Script == 72 1. Download the script 73 {{{ 74 $ wget http://proj.badc.rl.ac.uk/ndg/export/7730/TI12-security/trunk/esg_wget_script/esg-download.sh 75 }}} 76 1. Add execute permissions: 77 {{{ 78 $ chmod 755 ./esg-download.sh 79 }}} 80 1. Ensure you have credentials (following the steps in 1) above). 81 1. Run the script: 82 {{{ 83 $ /esg-download.sh 84 }}} 85 Nb. The script has many different options which can be set via command line switches or environment variables. Use the help option to check: 86 {{{ 87 $ /esg-download.sh -h 88 }}} 89 90