...

...

https://datagw03.supermuc.lrz.de:9000/rest/auth/DATAGW
https://datagw04.supermuc.lrz.de:9000/rest/auth/DATAGW

which can be both reached via the alias:

https://datagw.supermuc.lrz.de:9000/rest/auth/DATAGW

Setting up the Client

To transfer files with a client at LRZ on SuperMUC-NG to another site, you need to log in to

...

module use -a /lrz/sys/share/modules/extfiles
module load uftp-client

For more information on the uftp-client, see the examples below or please refer to https://www.unicore.eu/docstore/uftpclient-1.3.2/uftpclient-manual.html

...

Client identity: CN=YOUR_USERNAME_AT_JSC , OU=ssh-local-users
Client auth method: SSHKEY
Auth server type: AuthServer
Server: JUDAC
URL base: https://uftp.fz-juelich.de:9112/UFTP_Auth/rest/auth/JUDAC:
Description: JUDAC
Remote user info: uid=YOUR_USERNAME_AT_JSC ;gid=N/A
Sharing support: enabled
Server status: OK [connected to UFTPD judacsrv.fz-juelich.de:64433]
Server: JUDAC-PRACE
URL base: https://uftp.fz-juelich.de:9112/UFTP_Auth/rest/auth/JUDAC-PRACE:
Description: JUDAC via PRACE Network
Remote user info: uid= YOUR_USERNAME_AT_JSC;gid=N/A
Sharing support: not available
Server status: OK [connected to UFTPD judacsrv.fz-juelich.de:64433]

WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.bouncycastle.jcajce.provider.drbg.DRBG (file:/dss/dsshome1/lrz/sys/grid/uftp-client-1.3.2/lib/bcprov-jdk15on-1.61.jar) to constructor sun.security.provider.Sun()
WARNING: Please consider reporting this to the maintainers of org.bouncycastle.jcajce.provider.drbg.DRBG
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release

To list the contents To list the contents of a remote directory, use

...

At LRZ copy the contents of ~/.uftp/id_uftp_to_lrz.pub (located at JUDAC) into the file ~/.sshuftp/authorized_keys (located at LRZ) and replace the authentification URL https://uftp.fz-juelich.de:9112/UFTP_Auth/rest/auth/JUDAC with https://datagw03.supermuc.lrz.de:9000/rest/auth/DATAGW or https://datagw04.supermuc.lrz.de:9000/rest/auth/DATAGW, so e.g.

...

gsiftp://datagw03.supermuc.lrz.de
gsiftp://datagw04.supermuc.lrz.de

which can be both reached via the alias:

gsiftp://datagw.supermuc.lrz.de

Associate your DN from your personal certificate with your LRZ-username

In the following we assume that you successfully obtained your signed certificate as a .p12 file which is called "SignedGridCert.p12". As a next step, you need to extract you your DN (Distingiushed Name) from the certificate. This can be done via

openssl pkcs12 -in SignedGridCert.p12 -nodes | openssl x509 -noout -subject -nameopt RFC2253 | sed s/"subject="//
Enter Import Password: 
subjectCN=C = DE, O = GridGermany, OU = John Doe,OU=Leibniz-Rechenzentrum, CN = John Doe,O=GridGermany,C=DE

Afterwards, please follow the instructions on https://www.lrz.de/services/compute/grid_en/certificate_en/person-certificate_en/register_cert_en/ to associate your DN with your LRZ-Account.

Until the association becomes valid it may take up to thirty minutes.

...

Please note the reverse order in the DN. From the example above, the DN you need to enter into the IDM portal would be

...

-Account.

Until the association becomes valid it may take up to thirty minutes.

...

Then you need to load the GridFTP module:

module use -a /lrz/sys/share/modules/extfiles 
module load gridftp-client

Now you need to generate a proxy certificate with a limited lifetime. This is done via

...

globus-url-copy -vb -p 6 gsiftp://datagw03datagw.supermuc.lrz.de/PATH/TO/FILE/AT/LRZ gsiftp://judacsrv.fz-juelich.de/PATH/TO/FILE/AT/JSC

...

globus-url-copy -vb -p 6 gsiftp://gridftp-fr1.hww.de:2812/PATH/TO/FILE/AT/HLRS gsiftp://datagw04datagw.supermuc.lrz.de/PATH/TO/FILE/AT/LRZ 

...

Data Transfer to/from PRACE sites

...

Beyond Data Transfer: Sharing and Public Access

...