The exact syntax will depend on what kind of shell you are using and where your Legion files are installed. Your system may have different requirements: consult your system administrator for more information.
If your system administrator has enabled Legion's security features, you must have a user id and log in to Legion before you can start working. Your system's log in procedure may differ from what is laid out here: please see your system administrator for exact instructions. The default system requires that all users have user ids and passwords. This allows Legion to keep track of your objects and to know what kind of user privileges you have. It also prevents malicious users from interfering with your objects or gaining illicit access to your system.
When you log in to a Legion system you are identified by a special object called the AuthenticationObject : this object contains your password, initial implicit parameters (the Legion equivalent of a Unix "environment"), and other information. AuthenticationObjects are created when you create a user id. A set of Legion commands can be used to retrieve or change this information (see section 2.8 in the Legion Reference Manual for these commands). When an authenticated user runs a Legion process a certificate confirming his or her identify is passed along to verify that this person has permission to run the process. This certificate is created and signed by your AuthenticationObject, so you will have to get a new user id if your AuthenticationObject is destroyed.
You need a user id before you can log in. Ask your system administrator to create one for you if you do not yet have one. You can then log in with the legion_login command. It will request your password and verify your identity and your security privileges, and create a credentials file (a user read-only file) in your local /tmp directory. This file is used by your command-line utilities to verify your identity. You get a separate credentials file for each shell in which you run legion_login.
Objects created while logged in will be owned by you and only you will be able to use them. Any processes that you start after you log in will be accompanied by a copy of your AuthenticationObject's certificate.
If your system administrator has enabled Legion security, the objects that you create while logged in cannot be used by any other users. If you wish to share your objects you will need to give other users permission to read, write, or execute objects. The legion_change_permissions command lets you do this. The syntax is:
This lets bob "read" your object foo. See page 53 in the Reference Manual for more information.
If your site requires you to authenticate via Kerberos in order to log on or otherwise interact with any of the machines at the site (irrespective of Legion), you need to incorporate your Kerberos credentials into the Legion environment. If Legion needs to create a process or a file on your behalf on a remote machine, your Kerberos credentials must be available to authenticate you to the remote machine. To do this you will need to create a Legion proxy object that holds a copy of your Kerberos credentials. Legion can then automatically contact this proxy object whenever it needs your Kerberos credentials for a remote machine.
Kerberos support in Legion is not currently fully documented; a small collection of sites that use Kerberos are working with the Legion developers to define and improve Kerberos support in Legion. In the near future, we will include detailed instructions regarding the creation and use of the Kerberos proxy objects. If you require Kerberos support in Legion, contact us at firstname.lastname@example.org.