• About EGEE
  • News
  • Mission
  • Partners
  • Activities
  • Applications
  • FAQs
  • Results
• EGEE Events
  • Local actions
  • Official meetings
  • Press releases
  • ??? NavText ???
• Grids related info
  • GridCafé
  • Lexicon & acronyms
  • Specific pointers
• For users
  • Test the Grid / GILDA
  • Grid tools
  • Quick start
  • Support
  • Access portals
• VOCE
  • How to join
  • Usage rules
  • VOCE Utilization
  • User Interface
  • Manuals / Guides
  • VOCE support
  • VOCE UIPnP
  • Wiki
• VO MPI
  • Usage rules
• JRA1 CZ
  • LB - Logging & Bookkeeping
  • Job Provenance
  • Proxy renewal
  • GSS/gsoap plugin
• SA1 CZ
  • Monitoring
• VO auger

User Interface

Command line user interface

The user interface tools (UI) provide all commands needed to use the grid resources in a given VO. The users can either install the tools on their own machine or they can get an account on a machine provided by the user's organization or VO. The UI for VOCE runs on machine ui1.egee.cesnet.cz, account on that machine is created for each VOCE user as part of the VOCE registration process.

The VOCE UI machine can be accessed by the SSH protocol using several authentication methods:

• Password based authentication

The users authenticates using the password that was chosen by the applicant during the registration process. The password can be changed using the kpasswd command from the UI machine. If you forget the password and subsequently can not login to the UI, please contact VOCE support.

• GSI authentication

If you have a GSI-enabled SSH client, you can use it as well to access the UI machine. If you use this mechanism, the GSI proxy will be delegated to the UI as part of the SSH authentication process so you do not have to copy your long-term credentials to the UI.

Sources for the GSI-enabled SSH client can be found at http://grid.ncsa.uiuc.edu/ssh/, we will also provide binary versions for the main operating systems.

• Kerberos tickets

You can also access the UI machine using native Kerberos v5 authentication. SSH clients that support Kerberos are part of all main Linux distributions and there are also SSH client for MS Windows.

In order to use this method, a Kerberos ticket to the realm VOCE (which is an analogy to the GSI proxy) must be created by the user before accessing the UI machine. The ticket is created using the password that was chosen by an applicant during the registration stage. We also provide a simple configuration file needed to create the ticket.

Special files in your home directory at UI

.k5login
contains a list of users (in the form of Kerberos principals) that are allowed to access your account. This file is generated automatically by the account management system. Please, do not remove or modify this file unless you really know what you are doing!

.globus
This directory contains your X.509 certificate and corresponding private key. Make sure that the permissions are set to 700, so you are the only user that is allowed to read the files in the directory. To check current permissions use command ls -ld ~/.globus

If you prefer using your own UI, you will need to configure it to support VOCE. A simple configuration file is provided.