Changes between Version 1 and Version 2 of Howtos/ESGFDownloadScript


Ignore:
Timestamp:
18/11/10 09:59:03 (10 years ago)
Author:
pjkersha
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • Howtos/ESGFDownloadScript

    v1 v2  
    33Secured services in the ESG Federation such as OPeNDAP support both OpenID and PKI based authentication.  OpenID provides a convenient means for browser based access but for script based access an alternative PKI based solution is more suited.  For this, a user obtains a short term authentication token which they can pass in their client programs or scripts to access secured services.  The token is actually a key pair, a private key and associated X.509 certificate.  The certificate typically last a few hours before it expires.  Users obtain a certificate using a token service !MyProxy passing their usual username/password to obtain a certificate in response.  Once obtained, it along with the private key can be used with programs like wget, to make secured calls to the service to obtain data. 
    44 
    5 == Obtaining Credentials from !MyProxy == 
     5The steps shown below assume a Linux environment with `wget` installed.  With some modification they should also work with Windows and Mac. 
     6 
     7== 1) Obtaining Credentials from !MyProxy == 
    68Two different client programs are described here:  
    7  1. Java MyProxyLogon Webstart application 
    8  1. Python MyProxyClient package 
    9  
    10 == !WGet Script == 
     9 1. Java [wiki:Howtos/ESGFDownloadScript#MyProxyLogonWebStart MyProxyLogon Webstart] application 
     10 1. Python [wiki:Howtos/ESGFDownloadScript#MyProxyClientPackage !MyProxyClient] package 
    1111 
    1212They are alternative means of performing the same task of getting credentials. 
     
    1818}}} 
    1919A window should appear when the program is run.   
    20  * Enter your usual username/password in the Username and Passphrase textboxes respectively.   
    21  * For the `Hostname` field enter, `myproxy.ceda.ac.uk` for CEDAs MyProxy service. 
    22  * Alter the `Output` field to read, `<home directory>/.esg/credentials.pem` where <home directory> is your home directory path e.g. `/home/jbloggs` 
    23  * Click on the tickbox to select `Write trust roots` 
    24  * Click the `Logon` button 
     20 1. Enter your usual username/password in the Username and Passphrase textboxes respectively.   
     21 1. For the `Hostname` field enter, `myproxy.ceda.ac.uk` for CEDAs MyProxy service. 
     22 1. Alter the `Output` field to read, `<home directory>/.esg/credentials.pem` where <home directory> is your home directory path e.g. `/home/jbloggs` 
     23 1. Click on the tickbox to select `Write trust roots` 
     24 1. Click the `Logon` button 
     25 1. Copy CA files downloaded to the standard location for ESG: 
     26{{{ 
     27$ cp -r ~/.globus/certificates ~/.esg/ 
     28}}} 
    2529 
    2630== !MyProxyClient Package == 
     
    6569    }}} 
    6670 
     71== 2) WGet Script == 
     72 1. Download the script 
     73{{{ 
     74$ wget http://proj.badc.rl.ac.uk/ndg/export/7730/TI12-security/trunk/esg_wget_script/esg-download.sh 
     75}}} 
     76 1. Add execute permissions: 
     77{{{ 
     78$ chmod 755 ./esg-download.sh 
     79}}} 
     80 1. Ensure you have credentials (following the steps in 1) above). 
     81 1. Run the script: 
     82{{{ 
     83$ /esg-download.sh 
     84}}} 
     85Nb. The script has many different options which can be set via command line switches or environment variables.  Use the help option to check: 
     86{{{ 
     87$ /esg-download.sh -h 
     88}}} 
     89 
     90