Preconditions
You must download and install AliEn user distribution software
Once you have registered your certificate with AliEn Virtual Organisation, you have Grid "username" which should ideally be the same as usual Unix username. If your grid username is different from your local Unix account, you will have to create a file $HOME/.alien/Environment and put there your grid username:
[pcepalice45] ~/alien/bin > mkdir -p ~/.alien/identities.alice
[pcepalice45] ~/alien/bin > echo export ALIEN_USER=psaiz > ~/.alien/Environment
[pcepalice45] ~/alien/bin >
You could also specify the command line option --user , although that has the inconvenience that it has to be specified every time you want to connect to alien.
[pcepalice45] ~ > alien -user pbuncic
Connecting to database alien_system in aliendb.cern.ch:3307 ...
An error occured during AliEn authentication
No SSH key, run alien CreateKeys first
Database: Connection refused
Password incorrect or user pbuncic (as pbuncic) has no access to alien_system in aliendb.cern.ch:3307
ERROR validating the user
AliEn user can connect to different virtual organisations. By default, it will connect to the default virtual organization which can be specified in .Environment file in the root of the AliEn installation directory (variable ALIEN_ORGANISATION). Finally, a user can also specify the organisation (s)he wants to contact, creating his/her own $HOME/.alien/Environment file. For instance>
[pcepalice45] ~ > echo ALIEN_ORGANISATION=Atlas >>$HOME/.alien/Environment
[pcepalice45] ~ > alien
Connecting to database alien_system in aliendb.cern.ch:3308 ...
And you can see that the system connects in a different port (at the moment, the services for these two organisations are running on the same machine, although in different ports).
In the environment file, the user can also specify other options, like the site that will be used for the configuration.
[pcepalice45] ~ > echo ALIEN_DOMAIN=cern.ch >>$HOME/.alien/Environment
Authentication with certificates
Once you have a certificate, you can put a link $HOME/.alien/globus pointing to the directory containing your certificate.
[pcepalice45] ~/alien/bin > cd ~/.alien/
[pcepalice45] ~/.alien > ln -s ~/.globus/ globus
[pcepalice45] ~/.alien > ls -al globus/
total 32
drwxr-xr-x 2 psaiz z2 4096 Jul 22 16:48 ./
drwxr-xr-x 36 psaiz root 8192 Sep 10 14:56 ../
-rw-r--r-- 1 psaiz z2 3272 May 10 15:04 usercert.pem
-r-------- 1 psaiz z2 951 May 10 15:04 userkey.pem
Whenever you want to authenticate to alien, you will have to make sure that you have an active proxy, and then you will be able to log in. If you do not have a proxy, you will get the following message.
[pcepalice45] ~/.alien > alien
Connecting to database alien_system in aliendb.cern.ch:3307 ...
An error occured during AliEn authentication
Your proxy expired. Run alien ProxyInit
Database: Connection refused
Password incorrect or user psaiz (as psaiz) has no access to alien_system in aliendb.cern.ch:3307
ERROR validating the user
[pcepalice45] ~/.alien > alien proxy-init
*********************************************************
Certificates:
1 : subject= /O=Grid/O=CERN/OU=cern.ch/CN=Pablo Saiz
*********************************************************
Your identity: /O=Grid/O=CERN/OU=cern.ch/CN=Pablo Saiz
Enter GRID pass phrase for this identity:
Creating proxy ................................................................... Done
Your proxy is valid until Wed Sep 11 16:13:09 2002
[pcepalice45] ~/.alien > alien
Connecting to database alien_system in aliendb.cern.ch:3307 ...
Warning! not able to load the previous environment!
[aliendb.cern.ch:3307] / >
The warning is due to the fact that this is the first time that the user is logging into the system. The next time you log in, you will not get that message (and you will also start in the same directory where you were the last time).
There are also tools to check if you have a proxy (proxy-info), and to destroy a proxy (proxy-destroy)
[pcepalice45] ~ > alien proxy-info
subject : /O=Grid/O=CERN/OU=cern.ch/CN=Pablo Saiz/CN=proxy
issuer : /O=Grid/O=CERN/OU=cern.ch/CN=Pablo Saiz
type : full
strength : 512 bits
timeleft : 20:40:22
[pcepalice45] ~ > alien proxy-destroy
[pcepalice45] ~ > alien proxy-info
ERROR: unable to determine proxy file name
To start alien, just type 'alien':
[pcepalice45] ~/alien/bin > alien
Connecting to database alien_system in aliendb.cern.ch:3307 ...
Warning! not able to load the previous environment!
[aliendb.cern.ch:3307] / >
The warning is due to the fact that this is the first time that the user is logging into the system. The next time you log in, you will not get that message (and you will also start in the same directory where you were the last time).