Special requirements other than the set up mentioned in the CfA text.
Project(s) or EGEE activity presenting the demo or poster (project or activity names only)
There is lack of client tools that allow users to login to systems using X509-based authentication protocols, and it remains a significant barrier to many first-time grid users who are already on a steep learning curve.
KGSI provides the facility for users to use any SSH-enabled client to login - for instance, clients such as Putty, WinSCP and Nautilus all work with KGSI.
KGSI works by providing a server-only solution. The server uses standard SSH mechanisms that allow the user to supply a username and password to a previously uploaded credential on a MyProxy server. This credential is retrieved on behalf of the user and is then used to authenticate the user on the system.
The system is implemented by applying a small patch to GSI-OpenSSH, a specially written LinuxPAM module, and an authentication helper script.