MGRID Portal How-To

Installing kx509 for Netscape on Mac OSX
Grid-Enable Your Browser > Installing kx509 for Netscape on Mac OSX

IMPORTANT: Before you begin, make sure that your computer's time and tim e zone are correct. Portal authentication will not work if your computr's clock is more than five minutes from the Kerberos server.

1. Download

Make sure you have Kerberos 5 and OpenSSL support on your system by verifying that you have the files:

/usr/bin/kinit
/usr/bin/openssl

Most OSX systems come with this pre-installed. If you do not have them, have your system administrator install them, or download and install it yourself from the MIT Kerberos Distribution Page.

The following steps require administrator privileges.

If you already have a /etc/krb5.conf file, it is suggested that you save a copy to /etc/krb5.conf.save. Make sure there is only one kerberos configuration file on your hard disk. Some systems have a /Library/Preferences/edu.mit.Kerberos file which should be moved or removed, as it overrides the /etc/krb5.conf

Download the following zip archive file by holding the mouse button down on it until this menu appears:

Menu

and using the "Save Link Target As" selection.

kx_install.zip

Use "Finder" to unzip the downloaded file (select File -> Open With -> BOMArchiveHelper or double-click on the .zip file if you have Stuffit 9.0 or later installed). A kx_install directory will be created. Note that you must user "Finder" to properly unzip the file. The command line equivalent will not work.

Using "Finder" again, enter the kx_install directory. You will need to manually perform the following copies as the root user:

krb5.conf --> /etc/krb5.conf
kxlist --> /usr/bin/kxlist
kin --> /usr/bin/kin

Now you should exit from the root user and execute the "kin" command. It will prompt you for your Kerberos password. If successuful, it will create a temporary certificate good for several hours and print a message something like the following. The "notAfter" field indicates when the certificate will expire, and you must again run the "kin" command:

%kin
Please enter the password for irrer@UMICH.EDU:
notAfter=May 6 02:39:18 2004 GMT

When this certificate expires you will need to issue the kin command again.

2. kx509

Using "Finder", double-click on the downloaded KX509Installer file. It should be designated with the following logo:

KX509 Installer

It will bring up a "Debug Window" and prompt you with the following dialog:

Authenticate

Enter your password for the local machine

You will next be prompted with the following dialog. Click "Continue".

KX509 Client For Macintosh

When prompted with the following KX509Installer dialog, click "Install".

KX509 Installer

A dialog will be shown indicating the install progress. When complete, you will be prompted with "Are you sure you want to install this security module?". Click OK.

Click "Continue on the following dialog:

Successful Installation

Click "OK" on the following dialog:

Verify Installation

Click "OK" when prompted with "A new security module has been installed". After which you will see the following:

Congratulations

3. Certificates

To provide a chain of authentication, your browser needs the following certificates. For each of these, download them by clicking on them.

cren_ca.crt Education and Research Client CA
umich_root.crt University of Michigan Root CA
umich_ca.crt UMICH Kerberos Certification Authority
mgrid.crt MGRID

For each certificate you will be presented with the following dialog. Check "Trust this CA to identify web sites." as shown, and then click "OK".

Trust Certificate

4. Try It

The MGRID portal is accessable from this web page and has the interface shown below.

The first time you use this web site you may be given the following warning. Select "Accept this certificate permanantly":

Accept this certificate permanently

If you have not authenticated properly, you will get the following message:

To re-authenticate, re-run the kin script.


MGRID How-to

Grid-Enable Your Browser
Submit a Simple Interactive Job
Schedule a Non-Interactive Job
Monitor Your Non-Interactive Jobs
Change Authorization
When Your Certificate Will Expire
How Much Resources People Use
Upload and Download Your Files Into and Out of MGRID
What Computing Clusters are Available from MGRID
What Technology MGRID Uses
Typical MGRID User Steps

Close