test

Sun N1 Grid Engine 6.1 Installation Guide

ProcedureHow to Generate Certificates and Private Keys for Users

To use the CSP-secured system, the user must have access to a user-specific certificate and private key. The most convenient method of gaining access is to create a text file identifying the users.

  1. On the master host, create and save a text file that identifies users.

    Use the format of the file myusers.txt shown in the following example. The fields of the file are UNIX_username:Gecos_field:email_address.


    eddy:Eddy Smith:eddy@my.org
sarah:Sarah Miller:sarah@my.org
leo:Leo Lion:leo@my.org

  2. As root on the master host, type the following command:


    # sge-root/util/sgeCA/sge_ca -usercert myusers.txt

  3. Confirm by typing the following command:


    # ls -l /var/sgeCA/port536/default/userkeys

    This directory listing produces output similar to the following example.


    dr-x------  2 eddy  staff       512 Mar  5 16:13 eddy
dr-x------  2 sarah staff        512 Mar  5 16:13 sarah
dr-x------  2 leo   staff        512 Mar 5 16:13 leo

  4. Tell each user listed in the file (myusers.txt in the example) to install the security-related files in their $HOME/.sge directories by typing the following commands.


    % source sge-root/default/common/settings.csh
% sge-root/util/sgeCA/sge_ca -copy

    Users should see the following confirmation (user eddy in the example).


    Certificate and private key for user
eddy have been installed

    For every grid engine software installation, a subdirectory for the corresponding SGE_QMASTER_PORT number is installed. The following example, based on the myusers.txt file, results from issuing the command preceding the output.


    % ls -lR $HOME/.sge

/home/eddy/.sge:
total 2
drwxr-xr-x  3 eddy staff        512 Mar  5 16:20 port536

/home/eddy/.sge/port536:
total 2
drwxr-xr-x  4 eddy staff        512 Mar  5 16:20 default

/home/eddy/.sge/port536/default:
total 4
drwxr-xr-x  2 eddy staff        512 Mar  5 16:20 certs
drwx------  2 eddy staff        512 Mar 5 16:20 private

/home/eddy/.sge/port536/default/certs:
total 8
-r--r--r--  1 eddy staff       3859 Mar  5 16:20 cert.pem

/home/eddy/.sge/port536/default/private:
total 6
-r--------  1 eddy staff        887 Mar  5 16:20 key.pem
-r--------  1 eddy staff       2048 Mar 5 16:20 rand.seed