| | 1 | [[PageOutline]] |
| | 2 | |
| | 3 | = User’s credential = |
| | 4 | |
| | 5 | To configure the security settings please create or edit the ''~/.globus/cog.properties'' file. |
| | 6 | |
| | 7 | Client expects the access either to the pair of user certificate and private key files in "pem" format or to the proxy certificate file. |
| | 8 | |
| | 9 | '''IMPORTANT:''' If the user has the certificate in p12 format, the certificate has to be first converted to the pem format files. |
| | 10 | {{{ |
| | 11 | openssl pkcs12 -nocerts -in cert.p12 -out userkey.pem |
| | 12 | openssl pkcs12 -clcerts -nokeys -in cert.p12 -out usercert.pem |
| | 13 | }}} |
| | 14 | |
| | 15 | Add or edit the location of key/certificate files in the cog.properties file. |
| | 16 | |
| | 17 | {{{ |
| | 18 | usercert=/home/piontek/.globus/usercert.pem |
| | 19 | userkey=/home/piontek/.globus/userkey.pem |
| | 20 | }}} |
| | 21 | |
| | 22 | As an alternative the path to the user proxy certificate file can be specified. |
| | 23 | |
| | 24 | {{{ |
| | 25 | proxy=/tmp/x509up_u501 |
| | 26 | }}} |
| | 27 | |
| | 28 | If certificate and key are specified and exist the user proxy certificate is automatically created by the client. Otherwise the proxy certificate has to be created somehow else (e.g. using the `grid-proxy-init` tool) and copied to the location pointed out by the ''proxy'' variable. In the second case checking of the key format must be disabled in the qcg configuration. Please see the ''QCG_ENV_SKIP_KEY_CHECK'' variable in the next section. |
| | 29 | |
| | 30 | = Configuration of the client = |
| | 31 | One can overwrite global client configuration crating or editing the ~/.qcg/qcg.conf file and setting the following variables: |
| | 32 | * QCG_ENV_PROXY_DURATION - default lifetime (in hours) of the proxy certificate created by the client, |
| | 33 | * QCG_ENV_PROXY_DURATION_MIN - minimal liefetime of the proxy certificate in hours. If the remaining lifetime is shorter then the given value the proxy is automatically recreated by the client |
| | 34 | * QCG_ENV_CONNECT_TIMEOUT - maximal time (in seconds) that the client waits to connect to the interactive sesion, |
| | 35 | * QCG_ENV_SKIP_KEY_CHECK - If the variable is not empty client do not check the correctness of the key format. Must be check if the client is configured to use the proxy and the key/certificate are not provided. |
