Keep your X.509 certificate alive after logging out of the cluster

On some occasions one needs a valid grid-proxy to access data, query the file database using LSCdataFind, get segment files, etc. Most of the time people simply copy their credentials to the cluster in question and run grid-proxy-init there which will work, is however not advices since you are leaving your credentials on a remote, usually shared file system which usually is far less secure than your own computer.

A solution might be to copy the proxy file into your home directory and re-exprt the corresponding environment variable to point to that one, e.g.:

cp $X509_USER_PROXY $HOME/myproxy
export X509_USER_PROXY=$HOME/myproxy

That way Condor (and your jobs) are still able to access this proxy, even when you log out (and an automatic mechanism destroys your proxy). However, in your submit files you probably have to include one of these lines to make it all work:

getenv = True
x509userproxy = $ENV(HOME)/myproxy

(thanks to ScottK for the main hint here)

-- CarstenAulbert - 04 May 2009

DocumentationForm edit

Title Keep X.509 proxy alive after log-out
Description Simple scheme to keep a X.509 proxy alive to be accessed by Condor/cluster jobs even when you are not logged in.
Tags Condor, X509,X.509,proxy
Category User
This topic: ATLAS > WebHome > GeneralDocumentation > KeepX509CertificateAliveAfterLogout
Topic revision: 10 Feb 2012, ArthurVarkentin
This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding Foswiki? Send feedback