Changes between Version 5 and Version 6 of installation_GridFTP

Show
Ignore:
Timestamp:
05/16/11 15:06:16 (13 years ago)
Author:
bartek
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • installation_GridFTP

    v5 v6  
    137137 * `/etc/grid-security/grid-security.conf` - is a main configuration file that contains the name and email address for the given CA. 
    138138 
    139  These files are usually provided by the CA, particularly [[!QosCosGrid|CA]] or [[http://www.man.poznan.pl/plgrid-ca/|PL-Grid]] does provides these files. Typically, CA configuration files are placed in `/etc/grid-security/certificates/` directory with additional extension `.CA_hash_name` and only appropriate symbolic links are created in `/etc/grid-security/`. Globus Toolkit provides `grid-default-ca` command which can be used to automatically create appropriate links. 
     139 These files are usually provided by the CA, i.e. [[http://www.man.poznan.pl/plgrid-ca/|PL-Grid]]. Typically, CA configuration files are placed in `/etc/grid-security/certificates/` directory with additional extension `.CA_hash_name` and only appropriate symbolic links are created in `/etc/grid-security/`. Globus Toolkit provides `grid-default-ca` command which can be used to automatically create appropriate links. 
    140140 
    141141== Requesting host and user X.509 certificates == 
     
    156156* otherwise, in `/etc/grid-security/grid-mapfile`. 
    157157 
    158 '''Note:''' In the QosCosGrid project there is a possibility to generate a new user X.509 certificate in more [[http://node2.qoscosgrid.man.poznan.pl:80/gridsphere/gridsphere/guest/security/r/|user-friendly way]] 
     158'''Note:''' In the !QosCosGrid there is a possibility to generate a new user X.509 certificate in more [[http://node2.qoscosgrid.man.poznan.pl:80/gridsphere/gridsphere/guest/security/r/|user-friendly way]] 
    159159 
    160160== Firewall configuration == 
    161161 
    162 Detailed information on GT firewall issues can be found at http://www.globus.org/toolkit/security/firewalls/. This paragraph only lists the minimum required firewall configuration and gives a short overview of the basic issues. To enable remote access to Globus Toolkit services the following TCP port should be opened for the incoming connections: 
    163 *static port: 2811 for main GridFTP daemon port 
    164 *ephemeral TCP ports: various Globus services require an arbitrary chosen TCP port range. It is controllable by environmental variable GLOBUS_TCP_PORT_RANGE for pre-ws components. Make sure it is defined in daemons environment (i.e. put it in (x)inetd configuration entries) 
     162Detailed information on GT firewall issues can be found at [[http://www.globus.org/toolkit/security/firewalls/]]. This paragraph only lists the minimum required firewall configuration and gives a short overview of the basic issues. To enable remote access to Globus Toolkit services the following TCP port should be opened for the incoming connections: 
     163* static port: 2811 for main GridFTP daemon port 
     164* ephemeral TCP ports: various Globus services require an arbitrary chosen TCP port range. It is controllable by environmental variable `GLOBUS_TCP_PORT_RANGE` for pre-ws components. Make sure it is defined in daemons environment (i.e. put it in (x)inetd configuration entries). 
    165165 
    166166Figure below gives an overview of typical Globus/GridFTP communication flow It shows the meaning of the aforementioned Globus TCP port range.