This manual assumes that you are working on a previously installed, compiled, and running system.1 (See the System Administrator Manual for information on installing, compiling, and starting a new Legion system.) Before going any further, be sure that the system is properly installed and running.
Please note that while your path will change as you move through Legion's binary files, it will not change as you move through context space. We are currently developing a graphic user interface to help users negotiate this space more easily. For the time being, though, you will be working from your command line and typing in commands to run programs and manipulate contexts.
The next few sections deal with setting up the proper environment variables and logging in to a Legion system as a Legion user.
A user who logs in to a Legion system is identified by a special object called the AuthenticationObject: it contains the user's password, initial implicit parameters (the Legion equivalent of a the Unix "environment"), and other information. AuthenticationObjects are created when a user creates a user id. A set of Legion commands (legion_set_acl, legion_get_acl, legion_passwd, legion_set_implicit_params, and legion_get_implicit_params) can be used to retrieve or change this information (see the Legion Reference Manual or the man pages for a discussion of how to use these commands). When an authenticated user runs a Legion process a certificate confirming his or her identify is passed along to verify that the user has permission to run the process. This certificate is created and signed by the user's AuthenticationObject.
AuthenticationObjects must be permanent in order to be useful. If an AuthenticationObject is destroyed, its associated LOID, which identifies the user to the rest of the system, is lost. There is no way to generate an identical LOID for a new AuthenticationObject.
In order to log in to the system, you will need a user id, which can be created by either the user or system administrator. You can then log in, with the legion_login command. The system will then request your password and check it with your AuthenticationObject, which verifies your identity and security privileges.
If you do not already have a user id, you can create one. Normally, the system administrator creates user ids and simultaneously enters them in the groups that have appropriate security rights on the system. If you create your own id you may not have the necessary permissions to enter the id in such groups and use the system resources that the groups control. However, your new user id will otherwise function normally and can be used to protect your resources from other users of the system.
$ legion_login bob Password: xxxx $
Note that your working context will not change when you enter the new shell, but your access privileges are different. Objects created in bob's shell will by default require bob's access privileges to use them.
$ exit exit $
While logged in, you can change your password and other parameters of your environment. The password may be changed with legion_passwd. Note that in this release you must specify the user whose password you are changing, even if it is yourself:
$ legion_passwd bob New Legion password: xxxx Retype new password: xxxx $
To change your implicit parameters, which can be used to control the behavior of security as well as other Legion tools and objects, use the legion_set_implicit_params tools documented in the reference manual. The access permissions of existing objects can be changed with legion_set_acl (please see also "Using security features," in the System Administrator Manual).
1.It is actually not always necessary to have a Legion system running in order to use Legion: some Legion hosts can run in "consumer mode." Consumer mode hosts do not require the full set of Legion system binaries to be installed and running; a subset of binaries can access a Legion system that runs on different remote hosts, and can potentially even use that system to execute parts of Legion programs. A consumer mode host cannot itself be used to carry out parts of Legion programs unless those programs are started directly on that host by mechanisms outside of Legion (for example, from a shell running on the host's operating system). Back