CDA SC510 User's Guide download pdf (Page 16)

IST-033576 D2.1.4

reference to the pam_xos module can be added to the /etc/pam.d/su conﬁg-

uration ﬁle of su in order to add xos authentication capability to the su command:

root: cat /etc/pam.d/su

#%PAM-1.0

...

auth sufficient /usr/local/lib/pam_xos.so

...

root:

For this validation, only the two experimental codes delivered with this proto-

type, pam_app_conv and ssh-xos, will be conﬁgured to use XtreemOS.

The behaviour of this ﬁrst prototype can also be conﬁgured in the /etc/xos

directory:

pam_xos.conf - to conﬁgure the PAM module

nss_xos.conf - to conﬁgure the NSS modules

amappedfile - to deﬁne the mapping rules of account mapping

gmappedfile - to deﬁne the mapping rules of group mapping

policy - to deﬁne the default policy

3.3 Certiﬁcate conﬁguration

In order to test the NSS and PAM modules, we need a valid user proxy generated

from a valid user certiﬁcate. The XtreemOS svn provides sample globus-based

certiﬁcates (in user_cert.tar.gz and ca_cert.tar.gz). The following

steps show how to create a valid local certiﬁcation authority, how the user gener-

ates a certiﬁcate request, how the local certiﬁcation authority signs this certiﬁcate

and, ﬁnally, the creation of a proxy with the necessary attributes.

3.3.1 Certiﬁcate authority Certiﬁcate generation

Self-signed certiﬁcate generation for XtreemOS-Yvon certiﬁcate authority:

ca: openssl req -new -x509 -days 1095

-keyout security/private/XtreemOS-ca.key

-out security/XtreemOS-ca.crt

Generating a 1024 bit RSA private key

..............................++++++

......................................................++++++

writing new private key to

’security/private/XtreemOS-ca.key’

Enter PEM pass phrase:

Verifying - Enter PEM pass phrase:

XtreemOS–Integrated Project 14/49

1 2 ... 11 12 13 14 15 16 17 18 19 20 21 ... 50 51

No comments

CDA SC510 User's Guide Page 16