2.0 Setting up and logging in

Before anything else, you must set up the proper environment variables and log in to a Legion system as a Legion user.

2.1 Preparing your Legion environment

Depending on how your system is set up, you may need to set up your access to your Legion system. This will probably involve running a script such as this:

$ . ~legion/setup.sh

or

$ source ~legion/setup.csh

The exact syntax will depend on what kind of shell you are using and where your Legion files are installed. Your system may have different requirements: consult your system administrator for more information.

2.2 Logging in to a Legion system

If your system administrator has enabled Legion's security features, you must have a user id and log in to Legion before you can start working. Your system's login procedure may differ from what is laid out here: please see your system administrator for exact instructions. The default system requires that all users have user ids and passwords. This allows Legion to keep track of your objects and to know what kind of user privileges you have. It also prevents malicious users from interfering with your objects or gaining illicit access to your system.

When you log in to a Legion system you are identified by a special object called the AuthenticationObject: this object contains your password, initial implicit parameters (the Legion equivalent of a Unix "environment"), and other information. AuthenticationObjects are created when you create a user id. A set of Legion commands can be used to retrieve or change this information (see section 2.8 in the Legion Reference Manual for these commands). When an authenticated user runs a Legion process, a certificate confirming his or her identity is passed along to verify that this person has permission to run the process. This certificate is created and signed by your AuthenticationObject, so you will have to get a new user id if your AuthenticationObject is destroyed.

2.2.1 Logging in as a user

You need a user id before you can log in. Ask your system administrator to create one for you if you do not yet have one. You can then log in with the legion_login command. It will request your password and verify your identity and your security privileges, and create a credentials file (a user read-only file) in your local /tmp directory. This file is used by your command-line utilities to verify your identity. You get a separate credentials file for each shell in which you run legion_login.

To log in, run legion_login. You can run it with no parameters at all:

$ legion_login
Legion login: /users/bob
Password: xxxx
$

Or, you can provide your user id as a parameter, in which case you must use the full path name (e.g., /users/<user id>):

$ legion_login /users/bob
Password: xxxx
$

If you wish, you can add the -p flag and include your password on the command line.

$ legion_login /users/bob -p bobspassword

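This is not secure, however, and we don't recommend it: a password given on the command line can be seen by other users in the process list and is typically saved in your shell history.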

Objects created while logged in will be owned by you and only you will be able to use them. Any processes that you start after you log in will be accompanied by a copy of your AuthenticationObject's certificate.
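The credentials file described above sits in /tmp, a directory every local user can write to, so it is worth confirming that the file is really yours and readable by no one else. The following check is an added example, not part of the Legion manual or distribution; the file's path is passed as an argument because this page does not give its name, and "user read-only" is assumed to mean mode 0400.

```shell
#!/bin/sh
# Added example: audit a credentials file kept in a world-writable
# directory such as /tmp. The path comes from the caller (assumption:
# the page does not name the file).

# check_cred_file PATH
# Prints a one-line verdict and returns 0 only if PATH is a regular file
# (not a symbolic link), is owned by the current user, and has mode 0400
# (assumed meaning of "user read-only").
check_cred_file() {
    f=$1
    # A symlink in /tmp could point at a file someone else controls.
    if [ -L "$f" ]; then
        echo "FAIL: $f is a symbolic link"; return 1
    fi
    if [ ! -f "$f" ]; then
        echo "FAIL: $f is not a regular file"; return 1
    fi
    # -O is true when the file's owner is the effective user id.
    if [ ! -O "$f" ]; then
        echo "FAIL: $f is not owned by you"; return 1
    fi
    # The first ten characters of ls -l are the type and permission bits.
    mode=$(ls -ld -- "$f" | cut -c1-10)
    case $mode in
        -r--------) echo "OK: $f ($mode)"; return 0 ;;
        *) echo "FAIL: $f has mode $mode, expected -r--------"; return 1 ;;
    esac
}

# Stand-alone use: sh check_cred.sh /tmp/<your credentials file>
if [ $# -gt 0 ]; then
    check_cred_file "$1"
fi
```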

2.2.2 Changing your password

While you are logged in you can change your password and other parameters of your environment. The password may be changed with the legion_passwd command. Note that you must give your user name's full path.

$ legion_passwd /users/nemo
New Legion password: xxxx
Retype new password: xxxx
Password changed.
$

2.2.3 About object permissions

If your system administrator has enabled Legion security, the objects that you create while logged in cannot be used by any other users. If you wish to share your objects you will need to give other users permission to read, write, or execute objects. The legion_change_permissions command lets you do this. The syntax is:

legion_change_permissions [+-rwx] [-v]
   <group/user context path>
   <target context path>
   [-debug] [-help]

You can use the r, w, or x flags to add (+) or remove (-) read, write, or execute permissions on objects. So, if you wanted to allow user bob to be able to read your file object foo, you would enter:

$ legion_change_permissions +r /users/bob foo

This lets bob "read" your object foo. See page 59 in the Reference Manual for more information.

2.2.4 Checking your login status

If you can't remember whether or not you are logged in or which user id you are using, run the legion_whoami command. Your output will look something like this:

$ legion_whoami
/users/nemo
$

This means that you are logged in as user nemo. If you are not logged in or your system administrator has not enabled security, there will be no output.

2.2.5 Logging out

To log out, run legion_logout:

$ legion_logout

This will remove your credentials file. Remember that you are not in a subshell, so if you type exit you will close your current shell.

2.2.6 Using Legion in a Kerberos environment

If your site requires you to authenticate via Kerberos in order to log on or otherwise interact with any of the machines at the site (irrespective of Legion), you need to incorporate your Kerberos credentials into the Legion environment. If Legion needs to create a process or a file on your behalf on a remote machine, your Kerberos credentials must be available to authenticate you to the remote machine. To do this you will need to create a Legion proxy object that holds a copy of your Kerberos credentials. Legion can then automatically contact this proxy object whenever it needs your Kerberos credentials for a remote machine.

If you're unsure whether you're running in a Kerberos environment, you are probably not. Check with your system administrator to confirm this.

Kerberos support in Legion is not currently fully documented; a small collection of sites that use Kerberos are working with the Legion developers to define and improve Kerberos support in Legion. In the near future, we will include detailed instructions regarding the creation and use of the Kerberos proxy objects. If you require Kerberos support in Legion, contact us at legion-help@virginia.edu.

Directory of Legion 1.7 Manuals