Logging into a running Legion system


Altering the AuthenticationObject
A set of Legion commands can be used to retrieve or change the information in an AuthenticationObject: legion_passwd, legion_set_implicit_params, legion_set_acl, legion_get_implicit_params, and legion_get_acl.

AuthenticationObjects must be permanent in order to be useful. If an AuthenticationObject is destroyed, its associated LOID, which identifies the user to the rest of the system, is lost. There is no way to generate an identical LOID for a new AuthenticationObject.


Creating new user ids
Please note that you must have admin privileges in order to create new user ids in a security-enabled system. Please see the System Administrator manual for further information.

You can now add users to your system by creating user ids. A user id is an entry in context space that represents an AuthenticationObject. It also signifies ownership of all objects that a logged-in user creates. The admin creates user ids with the legion_create_user command, which also creates a home context for the new user. To create a user id for "nemo," for example, you would enter:

$ legion_create_user nemo
New Legion password: xxxx 
Retype password: xxxx
1.3622a3eb.6b000000.03000000.000001fc...
Creating a Home context: /home/nemo
Creating context "nemo" in parent "/home".
New context LOID = "1.3622a3eb.05.11000000.000001fc..."
Changing ACLs on /home/nemo
$

The command will prompt for a password for the new user and will print the user's AuthenticationObject LOID. It will also create a home context for the user in the /home context. Please allow about five minutes for the new user to propagate in your system before logging in with the new id. (Until then the user will get security errors when he tries to create objects.)

The legion_create_user command is actually a simple wrapper around legion_create_user_object. The full command gives more control over the creation of AuthenticationObjects; execute it without arguments for a summary of its options.

Once a user is created, the user logs in by giving legion_login the context path of the user object and a password.

$ legion_login /users/nemo
Password:xxxx
$

On a successful login, a new shell is created. Note that user nemo must move to his /home/nemo context: users can work only in the /home, /etc, /temp, /mpi, and /pvm contexts. Only admin can work in the remaining parts of context space. To log out, exit the shell.