MGRID Portal How-To

Installing kx509 for Firefox on Mac OSX
Grid-Enable Your Browser > Installing kx509 for Firefox on Mac OSX

IMPORTANT: Before you begin, make sure that your computer's time and time zone are correct. Portal authentication will not work if your computr's clock is more than five minutes from the Kerberos server.

1. Download

Make sure you have Kerberos 5 and OpenSSL support on your system by verifying that you have the files:

/usr/bin/kinit
/usr/bin/openssl

Most OSX systems come with this pre-installed. If you do not have them, have your system administrator install them, or download and install it yourself from the MIT Kerberos Distribution Page.

The following steps require administrator privileges.

If you already have a /etc/krb5.conf file, it is suggested that you save a copy to /etc/krb5.conf.save. Make sure there is only one kerberos configuration file on your hard disk. Some systems have a /Library/Preferences/edu.mit.Kerberos file which should be moved or removed, as it overrides the /etc/krb5.conf

Download the kx509-osx-tar-gz file by holding the mouse button down on and selecting "Save Link As...". You should save this file in your home directory.

You will need to manually perform the following install from a shell window:

$ sudo -s
$ cd /
$ tar -zxvf ~/kx509-osx-tar-gz
$ exit

Now you should be able to execute the "kin" command. It will prompt you for your Kerberos password. If successuful, it will create a temporary certificate good for several hours and print a message something like the following. The "notAfter" field indicates when the certificate will expire, and you must again run the "kin" command:

%kin
Please enter the password for irrer@UMICH.EDU:
notAfter=May 6 02:39:18 2004 GMT

When this certificate expires you will need to issue the kin command again.

2. Certificates

To provide a chain of authentication, your browser needs the following certificates. For each of these, download them by clicking on them.

cren_ca.crt Education and Research Client CA
umich_root.crt University of Michigan Root CA
umich_ca.crt UMICH Kerberos Certification Authority
mgrid.crt MGRID

For each certificate you will be presented with the following dialog. Check "Trust this CA to identify web sites." as shown, and then click "OK".

Trust Certificate

4. Try It

The MGRID portal is accessable from this web page and has the interface shown below.

The first time you use this web site you may be given the following warning. Select "Accept this certificate permanantly":

Accept this certificate permanently

Next you will be shown the warning below, at which just click "OK" (This is an unfortunate bug with the most recent Firefox release (1.5.0.6)):

If you have not authenticated properly, you will get the following message:

To re-authenticate, re-run the kin script.


MGRID How-to

Grid-Enable Your Browser
Submit a Simple Interactive Job
Schedule a Non-Interactive Job
Monitor Your Non-Interactive Jobs
Change Authorization
When Your Certificate Will Expire
How Much Resources People Use
Upload and Download Your Files Into and Out of MGRID
What Computing Clusters are Available from MGRID
What Technology MGRID Uses
Typical MGRID User Steps

Close