From 127c2530cf7fed14974448f2536ab5b828cdd81f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Krup=C4=8D=C3=ADk?= <lukas.krupcik@vsb.cz>
Date: Mon, 19 Dec 2016 13:36:12 +0100
Subject: [PATCH] change
---
.../cygwin-and-x11-forwarding.md | 2 +-
.../graphical-user-interface.md | 2 ++
.../graphical-user-interface/vnc.md | 25 +++++++++++-----
.../x-window-system.md | 30 ++++++++++++-------
.../accessing-the-clusters/introduction.md | 6 ++--
.../shell-access-and-data-transfer/putty.md | 15 ++++++----
.../puttygen.md | 5 ++--
.../ssh-keys.md | 15 ++++++----
.../certificates-faq.md | 16 +++++++++-
9 files changed, 81 insertions(+), 35 deletions(-)
diff --git a/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/graphical-user-interface/cygwin-and-x11-forwarding.md b/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/graphical-user-interface/cygwin-and-x11-forwarding.md
index 4fb6482b8..e98bf9f04 100644
--- a/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/graphical-user-interface/cygwin-and-x11-forwarding.md
+++ b/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/graphical-user-interface/cygwin-and-x11-forwarding.md
@@ -1,7 +1,7 @@
Cygwin and X11 forwarding
=========================
-### If no able to forward X11 using PuTTY to CygwinX
+**If no able to forward X11 using PuTTY to CygwinX**
```bash
[usename@login1.anselm ~]$ gnome-session &
diff --git a/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/graphical-user-interface/graphical-user-interface.md b/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/graphical-user-interface/graphical-user-interface.md
index 5a96ef084..c38214732 100644
--- a/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/graphical-user-interface/graphical-user-interface.md
+++ b/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/graphical-user-interface/graphical-user-interface.md
@@ -3,12 +3,14 @@ Graphical User Interface
X Window System
---------------
+
The X Window system is a principal way to get GUI access to the clusters.
Read more about configuring [**X Window System**](x-window-system/).
VNC
---
+
The **Virtual Network Computing** (**VNC**) is a graphical [desktop sharing](http://en.wikipedia.org/wiki/Desktop_sharing "Desktop sharing") system that uses the [Remote Frame Buffer protocol (RFB)](http://en.wikipedia.org/wiki/RFB_protocol "RFB protocol") to remotely control another [computer](http://en.wikipedia.org/wiki/Computer "Computer").
Read more about configuring **[VNC](vnc/)**.
diff --git a/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/graphical-user-interface/vnc.md b/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/graphical-user-interface/vnc.md
index bdb995576..63b3ec920 100644
--- a/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/graphical-user-interface/vnc.md
+++ b/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/graphical-user-interface/vnc.md
@@ -3,10 +3,11 @@ VNC
The **Virtual Network Computing** (**VNC**) is a graphical [desktop sharing](http://en.wikipedia.org/wiki/Desktop_sharing "Desktop sharing") system that uses the [Remote Frame Buffer protocol (RFB)](http://en.wikipedia.org/wiki/RFB_protocol "RFB protocol") to remotely control another [computer](http://en.wikipedia.org/wiki/Computer "Computer"). It transmits the [keyboard](http://en.wikipedia.org/wiki/Computer_keyboard "Computer keyboard") and [mouse](http://en.wikipedia.org/wiki/Computer_mouse") events from one computer to another, relaying the graphical [screen](http://en.wikipedia.org/wiki/Computer_screen "Computer screen") updates back in the other direction, over a [network](http://en.wikipedia.org/wiki/Computer_network "Computer network").
-The recommended clients are [TightVNC](http://www.tightvnc.com) or[TigerVNC](http://sourceforge.net/apps/mediawiki/tigervnc/index.php?title=Main_Page) (free, open source, available for almost any platform).
+The recommended clients are [TightVNC](http://www.tightvnc.com) or [TigerVNC](http://sourceforge.net/apps/mediawiki/tigervnc/index.php?title=Main_Page) (free, open source, available for almost any platform).
Create VNC password
-------------------
+
!!! Note "Note"
Local VNC password should be set before the first login. Do use a strong password.
@@ -67,7 +68,8 @@ To access the VNC server you have to create a tunnel between the login node usin
!!! Note "Note"
The tunnel must point to the same login node where you launched the VNC server, eg. login2. If you use just cluster-name.it4i.cz, the tunnel might point to a different node due to DNS round robin.
-###Linux/Mac OS example of creating a tunnel
+Linux/Mac OS example of creating a tunnel
+-----------------------------------------
At your machine, create the tunnel:
@@ -106,7 +108,8 @@ You have to destroy the SSH tunnel which is still running at the background afte
kill 2022
```
-### Windows example of creating a tunnel
+Windows example of creating a tunnel
+------------------------------------
Use PuTTY to log in on cluster.
@@ -129,13 +132,15 @@ Fill the Source port and Destination fields. **Do not forget to click the Add bu
Run the VNC client of your choice, select VNC server 127.0.0.1, port 5961 and connect using VNC password.
-### Example of starting TigerVNC viewer
+Example of starting TigerVNC viewer
+-----------------------------------
In this example, we connect to VNC server on port 5961, via the ssh tunnel, using TigerVNC viewer. The connection is encrypted and secured. The VNC server listening on port 5961 provides screen of 1600x900 pixels.
-### Example of starting TightVNC Viewer
+Example of starting TightVNC Viewer
+-----------------------------------
Use your VNC password to log using TightVNC Viewer and start a Gnome Session on the login node.
@@ -148,7 +153,8 @@ You should see after the successful login.
-###Disable your Gnome session screensaver
+Disable your Gnome session screensaver
+--------------------------------------
Open Screensaver preferences dialog:
@@ -158,7 +164,8 @@ Uncheck both options below the slider:
-### Kill screensaver if locked screen
+Kill screensaver if locked screen
+---------------------------------
If the screen gets locked you have to kill the screensaver. Do not to forget to disable the screensaver then.
@@ -170,7 +177,8 @@ username    24316 0.0 0.0 270564 3528 ?       Ss  14:12Â
[username@login2 .vnc]$ kill 24316
```
-### Kill vncserver after finished work
+Kill vncserver after finished work
+----------------------------------
You should kill your VNC server using command:
@@ -188,6 +196,7 @@ Or this way:
GUI applications on compute nodes over VNC
------------------------------------------
+
The very same methods as described above, may be used to run the GUI applications on compute nodes. However, for maximum performance, proceed following these steps:
Open a Terminal (Applications -> System Tools -> Terminal). Run all the next commands in the terminal.
diff --git a/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/graphical-user-interface/x-window-system.md b/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/graphical-user-interface/x-window-system.md
index ed0ad9f0d..d79c5c454 100644
--- a/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/graphical-user-interface/x-window-system.md
+++ b/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/graphical-user-interface/x-window-system.md
@@ -6,7 +6,8 @@ The X Window system is a principal way to get GUI access to the clusters. The **
!!! Note "Note"
The X display forwarding must be activated and the X server running on client side
-### X display
+X display
+---------
In order to display graphical user interface GUI of various software tools, you need to enable the X display forwarding. On Linux and Mac, log in using the -X option tho ssh client:
@@ -14,7 +15,8 @@ In order to display graphical user interface GUI of various software tools, you
local $ ssh -X username@cluster-name.it4i.cz
```
-### X Display Forwarding on Windows
+X Display Forwarding on Windows
+-------------------------------
On Windows use the PuTTY client to enable X11 forwarding. In PuTTY menu, go to Connection->SSH->X11, mark the Enable X11 forwarding checkbox before logging in. Then log in as usual.
@@ -32,15 +34,18 @@ localhost:10.0
then the X11 forwarding is enabled.
-### X Server
+X Server
+--------
In order to display graphical user interface GUI of various software tools, you need running X server on your desktop computer. For Linux users, no action is required as the X server is the default GUI environment on most Linux distributions. Mac and Windows users need to install and run the X server on their workstations.
-### X Server on OS X
+X Server on OS X
+----------------
Mac OS users need to install [XQuartz server](http://xquartz.macosforge.org/landing/).
-### X Server on Windows
+X Server on Windows
+-------------------
There are variety of X servers available for Windows environment. The commercial Xwin32 is very stable and rich featured. The Cygwin environment provides fully featured open-source XWin X server. For simplicity, we recommend open-source X server by the [Xming project](http://sourceforge.net/projects/xming/). For stability and full features we recommend the
[XWin](http://x.cygwin.com/) X server by Cygwin
@@ -51,7 +56,8 @@ There are variety of X servers available for Windows environment. The commercial
Read more on [http://www.math.umn.edu/systems_guide/putty_xwin32.html](http://www.math.umn.edu/systems_guide/putty_xwin32.shtml)
-### Running GUI Enabled Applications
+Running GUI Enabled Applications
+--------------------------------
!!! Note "Note"
Make sure that X forwarding is activated and the X server is running.
@@ -69,7 +75,8 @@ $ xterm
In this example, we activate the intel programing environment tools, then start the graphical gvim editor.
-### GUI Applications on Compute Nodes
+GUI Applications on Compute Nodes
+---------------------------------
Allocate the compute nodes using -X option on the qsub command
@@ -87,11 +94,13 @@ $ ssh -X r24u35n680
In this example, we log in on the r24u35n680 compute node, with the X11 forwarding enabled.
-### The Gnome GUI Environment
+The Gnome GUI Environment
+-------------------------
The Gnome 2.28 GUI environment is available on the clusters. We recommend to use separate X server window for displaying the Gnome environment.
-### Gnome on Linux and OS X
+Gnome on Linux and OS X
+-----------------------
To run the remote Gnome session in a window on Linux/OS X computer, you need to install Xephyr. Ubuntu package is
xserver-xephyr, on OS X it is part of [XQuartz](http://xquartz.macosforge.org/landing/). First, launch Xephyr on local machine:
@@ -117,7 +126,8 @@ xinit /usr/bin/ssh -XT -i .ssh/path_to_your_key yourname@cluster-namen.it4i.cz g
However this method does not seem to work with recent Linux distributions and you will need to manually source
/etc/profile to properly set environment variables for PBS.
-### Gnome on Windows
+Gnome on Windows
+----------------
Use Xlaunch to start the Xming server or run the XWin.exe. Select the "One window" mode.
diff --git a/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/introduction.md b/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/introduction.md
index d1e783e11..505b6190e 100644
--- a/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/introduction.md
+++ b/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/introduction.md
@@ -6,11 +6,13 @@ The IT4Innovations clusters are accessed by SSH protocol via login nodes.
!!! Note "Note"
Read more on [Accessing the Salomon Cluster](../../salomon/accessing-the-cluster/accessing-the-cluster/)r or [Accessing the Anselm Cluster](../../anselm-cluster-documentation/accessing-the-cluster/shell-and-data-access/) pages.
-### PuTTY
+PuTTY
+-----
On **Windows**, use [PuTTY ssh client](shell-access-and-data-transfer/putty/).
-### SSH keys
+SSH keys
+--------
Read more about [SSH keys management](shell-access-and-data-transfer/ssh-keys/).
diff --git a/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/shell-access-and-data-transfer/putty.md b/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/shell-access-and-data-transfer/putty.md
index 1a0545c79..d7a68490d 100644
--- a/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/shell-access-and-data-transfer/putty.md
+++ b/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/shell-access-and-data-transfer/putty.md
@@ -1,10 +1,11 @@
PuTTY
=====
-PuTTY - before we start SSH connection
----------------------------------------------------------------------------------
+!!! Note "Note"
+ PuTTY - before we start SSH connection
-### Windows PuTTY Installer
+Windows PuTTY Installer
+-----------------------
We recommned you to download "**A Windows installer for everything except PuTTYtel**" with **Pageant** (SSH authentication agent) and **PuTTYgen** (PuTTY key generator) which is available [here](http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html).
@@ -17,16 +18,18 @@ We recommned you to download "**A Windows installer for everything except PuTTYt
"Pageant" is optional.
-### PuTTYgen
+PuTTYgen
+--------
PuTTYgen is the PuTTY key generator. Read more how to load in an existing private key and change your passphrase or generate a new public/private key pair using [PuTTYgen](puttygen) if needed.
-### Pageant SSH agent
+Pageant SSH agent
+-----------------
[Pageant](pageant) holds your private key in memory without needing to retype a passphrase on every login. We recommend its usage.
PuTTY - how to connect to the IT4Innovations cluster
---------------------------------------------------------
+----------------------------------------------------
- Run PuTTY
- Enter Host name and Save session fields with [Login address](../../../salomon/accessing-the-cluster/accessing-the-cluster/) and browse Connection - > SSH -> Auth menu. The *Host Name* input may be in the format **"username@clustername.it4i.cz"** so you don't have to type your login each time.In this example we will connect to the Salomon cluster using **"salomon.it4i.cz"**.
diff --git a/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/shell-access-and-data-transfer/puttygen.md b/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/shell-access-and-data-transfer/puttygen.md
index c5be24d6e..6ad210725 100644
--- a/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/shell-access-and-data-transfer/puttygen.md
+++ b/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/shell-access-and-data-transfer/puttygen.md
@@ -7,7 +7,7 @@ PuTTYgen is the PuTTY key generator. You can load in an existing private key and
You can change the password of your SSH key with "PuTTY Key Generator". Make sure to backup the key.
-- Load your [private key](../shell-access-and-data-transfer/ssh-keys/) file with *Load* button.
+- Load your [private key](../shell-access-and-data-transfer/ssh-keys/) file with *Load* button.
- Enter your current passphrase.
- Change key passphrase.
- Confirm key passphrase.
@@ -15,7 +15,8 @@ You can change the password of your SSH key with "PuTTY Key Generator". Make sur
-### Generate a New Public/Private key
+Generate a New Public/Private key
+---------------------------------
You can generate an additional public/private key pair and insert public key into authorized_keys file for authentication with your own private key.
diff --git a/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/shell-access-and-data-transfer/ssh-keys.md b/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/shell-access-and-data-transfer/ssh-keys.md
index 78d9bd273..3b8b41b40 100644
--- a/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/shell-access-and-data-transfer/ssh-keys.md
+++ b/docs.it4i/get-started-with-it4innovations/accessing-the-clusters/shell-access-and-data-transfer/ssh-keys.md
@@ -2,7 +2,8 @@ SSH keys
========
Key management
--------------------------------------------------------------------
+--------------
+
After logging in, you can see .ssh/ directory with SSH keys and authorized_keys file:
```bash
@@ -20,7 +21,8 @@ After logging in, you can see .ssh/ directory with SSH keys and authorized_keys
!!! Note "Note"
Please note that private keys in .ssh directory are without passphrase and allow you to connect within the cluster.
-### Access privileges on .ssh folder
+Access privileges on .ssh folder
+--------------------------------
- .ssh directory: 700 (drwx------)
- Authorized_keys, known_hosts and public key (.pub file): 644 (-rw-r--r--)
@@ -38,6 +40,7 @@ After logging in, you can see .ssh/ directory with SSH keys and authorized_keys
Private key
-----------
+
!!! Note "Note"
The path to a private key is usually /home/username/.ssh/
@@ -86,7 +89,8 @@ An example of public key format:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCpujuOiTKCcGkbbBhrk0Hjmezr5QpM0swscXQE7fOZG0oQSURoapd9tjC9eVy5FvZ339jl1WkJkdXSRtjc2G1U5wQh77VE5qJT0ESxQCEw0S+CItWBKqXhC9E7gFY+UyP5YBZcOneh6gGHyCVfK6H215vzKr3x+/WvWl5gZGtbf+zhX6o4RJDRdjZPutYJhEsg/qtMxcCtMjfm/dZTnXeafuebV8nug3RCBUflvRb1XUrJuiX28gsd4xfG/P6L/mNMR8s4kmJEZhlhxpj8Th0iIc+XciVtXuGWQrbddcVRLxAmvkYAPGnVVOQeNj69pqAR/GXaFAhvjYkseEowQao1 username@organization.example.com
```
-### How to add your own key
+How to add your own key
+-----------------------
First, generate a new keypair of your public and private key:
@@ -107,6 +111,7 @@ Example:
In this example, we add an additional public key, stored in file additional_key.pub into the authorized_keys. Next time we log in, we will be able to use the private addtional_key key to log in.
-### How to remove your own key
+How to remove your own key
+--------------------------
-Removing your key from authorized_keys can be done simply by deleting the corresponding public key which can be identified by a comment at the end of line (eg. username@organization.example.com).
+Removing your key from authorized_keys can be done simply by deleting the corresponding public key which can be identified by a comment at the end of line (eg. *username@organization.example.com*).
diff --git a/docs.it4i/get-started-with-it4innovations/obtaining-login-credentials/certificates-faq.md b/docs.it4i/get-started-with-it4innovations/obtaining-login-credentials/certificates-faq.md
index b4f91f125..347236d0d 100644
--- a/docs.it4i/get-started-with-it4innovations/obtaining-login-credentials/certificates-faq.md
+++ b/docs.it4i/get-started-with-it4innovations/obtaining-login-credentials/certificates-faq.md
@@ -15,28 +15,33 @@ There are different kinds of certificates, each with a different scope of use. W
- Host certificates
- Service certificates
-**However, users need only manage User and CA certificates. Note that your user certificate is protected by an associated private key, and this private key must never be disclosed**.
+However, users need only manage User and CA certificates. Note that your user certificate is protected by an associated private key, and this **private key must never be disclosed**.
Q: Which X.509 certificates are recognised by IT4Innovations?
-------------------------------------------------------------
+
Any certificate that has been issued by a Certification Authority (CA) from a member of the IGTF ([http:www.igtf.net](http://www.igtf.net/)) is recognised by IT4Innovations: European certificates are issued by members of the EUGridPMA ([https://www.eugridmpa.org](https://www.eugridpma.org/)), which is part if the IGTF and coordinates the trust fabric for e-Science Grid authentication within Europe. Further the Czech *"Qualified certificate" (Kvalifikovaný certifikát)* (provided by <http://www.postsignum.cz/> or <http://www.ica.cz/Kvalifikovany-certifikat.aspx>), that is used in electronic contact with Czech public authorities is accepted.
Q: How do I get a User Certificate that can be used with IT4Innovations?
------------------------------------------------------------------------
+
To get a certificate, you must make a request to your local, IGTF approved, Certificate Authority (CA). Usually you then must visit, in person, your nearest Registration Authority (RA) to verify your affiliation and identity (photo identification is required). Usually, you will then be emailed details on how to retrieve your certificate, although procedures can vary between CAs. If you are in Europe, you can locate your trusted CA via <http://www.eugridpma.org/members/worldmap>.
In some countries certificates can also be retrieved using the TERENA Certificate Service, see the FAQ below for the link.
Q: Does IT4Innovations support short lived certificates (SLCS)?
---------------------------------------------------------------
+
Yes, provided that the CA which provides this service is also a member of IGTF.
Q: Does IT4Innovations support the TERENA certificate service?
--------------------------------------------------------------
+
Yes, ITInnovations supports TERENA eScience personal certificates. For more information, please visit [https://tcs-escience-portal.terena.org](https://tcs-escience-portal.terena.org/), where you also can find if your organisation/country can use this service
Q: What format should my certificate take?
------------------------------------------
+
User Certificates come in many formats, the three most common being the ’PKCS12’, ’PEM’ and the JKS formats.
The PKCS12 (often abbreviated to ’p12’) format stores your user certificate, along with your associated private key, in a single file. This form of your certificate is typically employed by web browsers, mail clients, and grid services like UNICORE, DART, gsissh-term and Globus toolkit (GSI-SSH, GridFTP and GRAM5).
@@ -51,6 +56,7 @@ To convert your Certificate from p12 to JKS, IT4Innovations recommends using the
Q: What are CA certificates?
----------------------------
+
Certification Authority (CA) certificates are used to verify the link between your user certificate and the authority which issued it. They are also used to verify the link between the host certificate of a IT4Innovations server and the CA which issued that certificate. In essence they establish a chain of trust between you and the target server. Thus, for some grid services, users must have a copy of all the CA certificates.
To assist users, SURFsara (a member of PRACE) provides a complete and up-to-date bundle of all the CA certificates that any PRACE user (or IT4Innovations grid services user) will require. Bundle of certificates, in either p12, PEM or JKS formats, are available from <http://winnetou.sara.nl/prace/certs/>.
@@ -67,6 +73,7 @@ If you run this command as ’root’, then it will install the certificates int
Q: What is a DN and how do I find mine?
---------------------------------------
+
DN stands for Distinguished Name and is part of your user certificate. IT4Innovations needs to know your DN to enable your account to use the grid services. You may use openssl (see below) to determine your DN or, if your browser contains your user certificate, you can extract your DN from your browser.
For Internet Explorer users, the DN is referred to as the "subject" of your certificate. Tools->Internet Options->Content->Certificates->View->Details->Subject.
@@ -75,6 +82,7 @@ For users running Firefox under Windows, the DN is referred to as the "subject"
Q: How do I use the openssl tool?
---------------------------------
+
The following examples are for Unix/Linux operating systems only.
To convert from PEM to p12, enter the following command:
@@ -110,6 +118,7 @@ To download openssl for both Linux and Windows, please visit <http://www.openssl
Q: How do I create and then manage a keystore?
----------------------------------------------
+
IT4innovations recommends the java based keytool utility to create and manage keystores, which themselves are stores of keys and certificates. For example if you want to convert your pkcs12 formatted key pair into a java keystore you can use the following command.
```bash
@@ -132,6 +141,7 @@ More information on the tool can be found at:<http://docs.oracle.com/javase/7/do
Q: How do I use my certificate to access the different grid Services?
---------------------------------------------------------------------
+
Most grid services require the use of your certificate; however, the format of your certificate depends on the grid Service you wish to employ.
If employing the PRACE version of GSISSH-term (also a Java Web Start Application), you may use either the PEM or p12 formats. Note that this service automatically installs up-to-date PRACE CA certificates.
@@ -142,6 +152,7 @@ If the grid service is part of Globus, such as GSI-SSH, GriFTP or GRAM5, then th
Q: How do I manually import my certificate into my browser?
-----------------------------------------------------------
+
If you employ the Firefox browser, then you can import your certificate by first choosing the "Preferences" window. For Windows, this is Tools->Options. For Linux, this is Edit->Preferences. For Mac, this is Firefox->Preferences. Then, choose the "Advanced" button; followed by the "Encryption" tab. Then, choose the "Certificates" panel; select the option "Select one automatically" if you have only one certificate, or "Ask me every time" if you have more then one. Then click on the "View Certificates" button to open the "Certificate Manager" window. You can then select the "Your Certificates" tab and click on button "Import". Then locate the PKCS12 (.p12) certificate you wish to import, and employ its associated password.
If you are a Safari user, then simply open the "Keychain Access" application and follow "File->Import items".
@@ -150,12 +161,15 @@ If you are an Internet Explorer user, click Start->Settings->Control Panel
Q: What is a proxy certificate?
-------------------------------
+
A proxy certificate is a short-lived certificate which may be employed by UNICORE and the Globus services. The proxy certificate consists of a new user certificate and a newly generated proxy private key. This proxy typically has a rather short lifetime (normally 12 hours) and often only allows a limited delegation of rights. Its default location, for Unix/Linux, is /tmp/x509_u*uid* but can be set via the $X509_USER_PROXY environment variable.
Q: What is the MyProxy service?
-------------------------------
+
[The MyProxy Service](http://grid.ncsa.illinois.edu/myproxy/) , can be employed by gsissh-term and Globus tools, and is an online repository that allows users to store long lived proxy certificates remotely, which can then be retrieved for use at a later date. Each proxy is protected by a password provided by the user at the time of storage. This is beneficial to Globus users as they do not have to carry their private keys and certificates when travelling; nor do users have to install private keys and certificates on possibly insecure computers.
Q: Someone may have copied or had access to the private key of my certificate either in a separate file or in the browser. What should I do?
+--------------------------------------------------------------------------------------------------------------------------------------------
Please ask the CA that issued your certificate to revoke this certifcate and to supply you with a new one. In addition, please report this to IT4Innovations by contacting [the support team](https://support.it4i.cz/rt).
--
GitLab