Logging in to a running Legion System

Table of Contents

  Using legion_login
  Create a New User ID
  Log in as a user

The Legion tutorials offer quick and simple instructions for various key procedures for a Legion system. More complete explanations of all of the procedures discussed here are available on separate pages, and can be found by clicking on the icon.

Other relevant on-line documents:
  Starting and Shutting down Legion 1.0
  An introduction to context space
  Legion host and vault objects
  Quick list of all Legion commands
  Usage of all Legion commands

This information is aimed at Legion system administrators and users who are running their own Legion systems. Once fully operational, Legion does not automatically shut down and restart, so users will not need to worry about regularly going through these procedures. However, when properly compiled and started, the system can be shut down and restarted as necessary.

For information on starting a new Legion system, please see Starting and Shutting down Legion 1.0.

Depending on how your system is set up, you may need to set up your access to your system before you can run Legion commands. This will probably involve running a command such as this:

$ . ~LEGION/setup.sh

or

$ source ~LEGION/setup.csh

The exact syntax will depend on what kind of shell you are using and on where your Legion files are installed. Consult your system administrator for more information.

Using legion_login

You need a user id to use this command. If you do not already have one, see below to create one.

The legion_login command allows users to log into a running Legion system. The system will request a password and check it with your AuthenticationObject, which verifies your identity and lists your security privileges.

There are two different ways to use this command.

  1. You can run it with just the user id or with no arguments at all, i.e.,

     $ legion_login myID

     The legion_login process will put you in a new sub-shell, and will continue to run. Any processes that you start from within this shell will be accompanied by a copy of your AuthenticationObject's certificate, so as to verify your identity. This is the method explained below.

  2. Or you can use it when executing a specific command (similar to the behavior of Unix rsh). The syntax for this is:

     legion_login [-l <user LOID> | <user id>] [-e <command>]

     You can add another Legion command as an argument (with the -e flag) so that the legion_login process will securely obtain your certificate from your AuthenticationObject and pass it along. This is useful if you need to certify your identity for a specific process and you do not wish to operate in a legion_login sub-shell.

Note that, even if your system doesn't require user ids, legion_login has the benefit of speeding up command-line tools: tools retrieve pre-generated LOIDs from legion_login instead of taking the time to create the LOIDs themselves.

Create a new user ID

If you do not already have a user id, you can create one. Normally the system administrator creates user ids and simultaneously enters them in the groups that have appropriate security rights on the system, so if you create your own id you may not have the necessary permissions to enter the id in such groups and use the system resources that the groups control. With this exception, a new user id can be used to protect your resources from other users of the system.

If the system has not been initialized for the creation of new users, use the legion_initialize_users command (note that this only needs to be done once).

Use the legion_create_user command to create a new user id. You will be prompted to enter a password.

$ legion_create_user bob
New Legion password: xxxx
Retype password: xxxx

The command creates an Authentication Object named bob in your current context.[1] If you would prefer that the context name be put in a different part of your context space, simply supply a path name specifying where it should go. E.g.,

$ legion_create_user mydirectory/bob

would put bob in a sub-context called mydirectory. If mydirectory did not exist, the process would create it.

Log in as a new user

To log in with a new user id, in this case bob, enter

$ legion_login bob
Password: xxxx

Note that you do not need to include the user id as a parameter:

$ legion_login
Legion login: bob
Password: xxxx

Your working context will not change when you enter the new shell, but your access privileges are different. Objects created in bob's shell will by default require bob's access privileges to use them.

To exit bob's shell, enter exit:

$ exit

While logged in, you can change your password and other parameters of your environment. The password may be changed with legion_passwd. Note that in this release you must specify the user id whose password you are changing, even if it is your own:

$ legion_passwd bob
New Legion password: xxxx
Retype new password: xxxx

To change your implicit parameters, which can be used to control the behavior of security as well as other Legion tools and objects, use the legion_set_implicit_params tools documented in the reference manual. The access permissions of existing objects can be changed with legion_set_acl (please see also "Using security features" in the System Administrator Manual).

1. To verify this, use the legion_ls -la command to view the contents of your current context. You will see the name bob among the contents of the context.