User’s credential

To configure the security settings please create or edit the ~/.globus/cog.properties file.

Client expects the access either to the pair of user certificate and private key files in "pem" format or to the proxy certificate file.

IMPORTANT: If the user has the certificate in p12 format, the certificate has to be first converted to the pem format files.

  openssl pkcs12 -nocerts -in cert.p12 -out userkey.pem
  openssl pkcs12 -clcerts -nokeys -in cert.p12 -out usercert.pem

Add or edit the location of key/certificate files in the cog.properties file.

usercert=/home/piontek/.globus/usercert.pem
userkey=/home/piontek/.globus/userkey.pem

As an alternative the path to the user proxy certificate file can be specified.

proxy=/tmp/x509up_u501

If certificate and key are specified and exist the user proxy certificate is automatically created by the client. Otherwise the proxy certificate has to be created somehow else (e.g. using the grid-proxy-init tool) and copied to the location pointed out by the proxy variable. In the second case checking of the key format must be disabled in the qcg configuration. Please see the QCG_ENV_SKIP_KEY_CHECK variable in the next section.

Configuration of the client

One can overwrite global client configuration crating or editing the ~/.qcg/qcg.conf file

IMPORTANT: All variables have to be "exported".

Proxy configuration

  • QCG_ENV_PROXY_DURATION - default lifetime (in hours) of the proxy certificate created by the client,
  • QCG_ENV_PROXY_DURATION_MIN - minimal liefetime of the proxy certificate in hours. If the remaining lifetime is shorter then the given value the proxy is automatically recreated by the client
    export QCG_ENV_PROXY_DURATION=600
    export QCG_ENV_PROXY_DURATION_MIN=240
    

Columns (qcg-list, qcg-rlist) configuration

  • QCG_ENV_TASK_FORMAT - Format for the qcg-list command. Default format: "%-22I %-20N %-15T %-15X %-15E %-16S %-8H %-5F %-20D";
  • QCG_ENV_RESERVATION_FORMAT - Format for the qcg-rlist command. Default format: "%-22I %-20N %-15T %-15X %-15E %-16S %-8H %-5C %-20D";
  • QCG_ENV_LIST_TIME_FORMAT - date format. Default format: "dd.MM.yy HH:mm"
export QCG_TASK_FORMAT="%-22I  %-20N  %-15T  %-15X  %-15E  %-16S  %-8H  %-5F  %-20D";
export QCG_RESERVATION_FORMAT="%-22I  %-20N  %-15T  %-15X  %-15E  %-16S  %-8H  %-5C  %-20D";
export QCG_LIST_TIME_FORMAT="dd.MM.yy HH:mm"

Interactive tasks configuration

  • QCG_ENV_CONNECT_TIMEOUT - maximal time (in seconds) that the client waits to connect to the interactive sesion,
    export QCG_ENV_CONNECT_TIMEOUT=60
    

Security configuration

  • QCG_ENV_SKIP_KEY_CHECK - If the variable is not empty client do not check the correctness of the key format. Must be check if the client is configured to use the proxy and the key/certificate are not provided.
  • QCG_ENV_CERTIFICATES - directory with CA certificates.
    export QCG_ENV_SKIP_KEY_CHECK=true
    export QCG_ENV_CERTIFICATES=/etc/grid-security/certificates
    

IMPORTANT:Big number of CA certificates can increase the time needed to initialize the client.