Here are some more details from the ESG support on what is required for OpenDAP clients to access data securely on EarthSystemGrid, in case NCL developers would like to add this capability in the future.
-Jamie
> Hi Jamie,
> we are working on that... the software is all there, but it needs to be deployed and configured uniformly across ESG. In short, what needs to happen is the following:
>
> a) each Node exposes data via an Opendap server (typically, the TDS)
> b) each Node is configured with the PKI-based security filters for authentication and authorization)
> c) the client of choice needs to be relinked with a version of the library (Netcdf-python or pydap) that supports ESG security - essentially, following redirects, send certificates and cookies
>
> For example, this is a working example of an opendap retrieval command via the wget client to the JPL TDS:
>
> wget --certificate user.pem --private-key user.pem http://esg-datanode.jpl.nasa.gov/thredds/dodsC/esg_dataroot/obs4MIPs/observations/atmos/ta/mon/grid/NASA-JPL/AIRS/v20110608/ta_AIRS_L3_RetStd-v5_200209-201105.nc.dods?ta[0:1:0][0:1:0][0:1:0][0:1:0]
>
> If you have a client that supports c), you could start trying to access the data from those nodes that have a) and b) configured already.
>
> thanks, Luca
>
>
> On Jul 14, 2011, at 9:45 AM, Jamie Scott wrote:
>
>> Is there support for accessing data on ESG with OpenDAP enabled clients instead of downloading everything with a web browser or wget?
>>
>> Thanks,
>>
>> Jamie Scott
>
> On Jul 13, 2011, at 12:50 PM, David Brown wrote:
>
>> Hi Jamie,
>>
>> If the site in question uses loose authentication that allows clear text passwords, then I see from the OPeNDAP site that it should be possible to include the username and password in the URL.
>> I believe the syntax is something like
>> http://username:password@rest-of-URL
>>
>> However, I think there are other more secure protocols that have been implemented in OPeNDAP that would require implementation within the NCL source code. If that is your case, perhaps you can describe the authentication requirements of the site in question, and we can look into the feasibility of adding the necessary code.
>>
>> If anyone on the list has more information about the current status of OPeNDAP authentication, we would be interested in your input.
>> -dave
>>
>> On Jul 8, 2011, at 11:31 AM, Jamie Scott wrote:
>>
>>> Is there a way to open OpenDap files that require http authentication-(username and passwords) using addfile in NCL?
>>>
>>> -Jamie Scott
>>>
>>>
>>> _______________________________________________
>>> ncl-talk mailing list
>>> List instructions, subscriber options, unsubscribe:
>>> http://mailman.ucar.edu/mailman/listinfo/ncl-talk
>>
_______________________________________________
ncl-talk mailing list
List instructions, subscriber options, unsubscribe:
http://mailman.ucar.edu/mailman/listinfo/ncl-talk
Received on Fri Jul 15 08:43:48 2011
This archive was generated by hypermail 2.1.8 : Mon Jul 18 2011 - 15:57:57 MDT