Monday 13 June 2011

Who do we think you are - revisited.

Once upon a time - before the NGS service at Leeds retired - it was possible to connect to a grid-enabled machine using only a web browser, your institutional credentials and an ordinary ssh client.

To achieve this, we combined our Shibboleth 'single sign-on' service with a modified version of our MyProxy-enabled GSISSH (MEG) code.

The modifications to MEG allowed us to give access to users without a proper NGS account - but provide them with a very restricted shell. IT security take a dim view of allowing anyone from anywhere to do anything on local computer facilities.

Basically, we needed to replace a gsissh command with a utility that translates a certificate and VOMS information to a local username and password in exactly the same way as a gsissh command.

The technical details were covered back in November. As we are tidying up following the end of NGS R+D activity, we have now packaged up the utility itself - called ngs-x509id - and put it on the UKNGI area on SourceForge.

Ngs-x509id is built around a library of X509 utilities developed by my colleague Robert Frank at Manchester. An early version of the library is bundled with ngs-x509id and Robert has kindly made the latest development version available from the UKNGI subversion repository.
