If you get a Teragrid roaming account, you will get access to ~ a dozen clusters and supercomputers. You'll also get several different usernames and passwords for each site. It's a big mess.
Luckily, you can use your Grid credentials as a single sign-on (just like Kerberos!). This will save you from remembering 10 different usernames and passwords. Here are the steps:
- Login to one of the teragrid machines (I used one at SDSC) and create a grid public and private key pair. Use the "cacl" command.
- Copy your key pair (should be in your $HOME/.globus directory) to all other machines you plan to use. This can include your Linux/Mac desktop. If you use Windows, try Gregor's Java CoG kit.
- Run the gx-map command on all the machines you plan to use. This will automatically update the /etc/grid-security/grid-mapfile and add your local username and global DN. The update is probably done with a cron script, so it may take an hour or so.
GSI-enabled SSH is where the magic happens. This is should be located somewhere under your globus installation like $GLOBUS_LOCATION/bin/ssh.d/ssh. Do the following shell commands:
- export GLOBUS_LOCATION=/path/to/your/globus
- source $GLOBUS_LOCATION/etc/globus-user-env.sh
- which ssh
You can now ssh to any machine in the TeraGrid as long as you have gx-mapped your self into the grid-mapfile. The grid-mapfile will take care of mapping your global DN identity (part of your grid keys) to your account name on the local machine.