...
External Sites (non-Fermilab)
Kerberos Configuration
Fermilab uses Kerberos for external authentication. This section assumes that you have a Fermilab Kerberos principal. Follow these instructions if you need an account at Fermilab and are authorized to obtain one.
Assuming that your machine has recent versions of SSH and Kerberos and you will not be using a Cryptocard, download Fermilab's official Kerberos configuration file. You will need root permissions to execute the following command which backs up your current configuration and replaces it with the new one.
No Format |
---|
cd /etc
cp krb5.conf krb5.conf.bkp
wget http://security.fnal.gov/krb5.conf
|
Logging In
Logging in to a Fermilab gateway machine should now work provided that Kerberos has been configured correctly.
Initialize the Kerberos session.
No Format |
---|
kinit -f USERNAME
|
Now ssh to a gateway machine.
No Format |
---|
ssh USERNAME
|
You may need to use this !ssh_config! for the Kerberos ticket forwarding to work correctly.
From the node inside Fermilab, execute kinit again.
No Format |
---|
kinit -f USERNAME
|
Now you should be able to connect to the ilcsim node.
No Format |
---|
ssh ilcsim
|
Grid
If you want to use a grid-enabled node outside Fermilab, you may only need to add a single configuration file containing the ilc VOMS server information.
...