By John Steven De… |
Managing users, groups, and AUP agreements
See: IAM Documentation for Administrators:
Obtaining proxies from IAM
In both cases, ensure that an entry exists for the ATLAS IAM server (voms-atlas-auth.app.cern.ch) in `/etc/vomses`; if not, create an entry with the following content:
"atlas" "voms-atlas-auth.app.cern.ch" "443" "/DC=ch/DC=cern/OU=computers/CN=atlas-auth.web.cern.ch" "atlas"
Obtaining an x.509 proxy
For a VOMS proxy:
voms-proxy-init --vomses voms-atlas-auth.app.cern.ch --voms atlas
For an ARC proxy:
arcproxy --vomses voms-atlas-auth.app.cern.ch --voms atlas
Obtaining a token
- Start oidc-agent
# Get a one-time refresh token (only needed the first time registering; enter the generated code when prompted): oidc-gen --flow=device --issuer=https://atlas-auth.web.cern.ch/ --scope-all atlas # After the first registration, skip the step above and instead simply add access to the refresh token: oidc-add atlas
# Obtain the new token: oidc-token atlas