Project

General

Profile

Login instructions

If you are not familiar with using kerberized ssh, you should do the following at the shell prompt:

kinit -A -r168h <assigned_user_name>@FNAL.GOV
If this is unsuccessful, you will need a suitable krb5.conf in /etc/ (see example krb5.conf). If you do not have system-level access, you can copy this file locally and set an environment variable, e.g.:
export KRB5_CONFIG=~/krb5.conf

Make sure you have a .ssh directory:

mkdir -p ~/.ssh && chmod 700 ~/.ssh/config

Next, make sure you have the following clause in your .ssh/config file. If it does not exist, create it with your favorite editor. If it does exist, make sure the following clause gets in before the "Host *" clause.
Host 131.225.* *.fnal.gov *soudan.org
Protocol 2
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
GSSAPIKeyExchange yes
ForwardX11Trusted yes
ForwardX11 yes

Now, you should be able to log in with:
ssh -l <assigned_user_name> ds50.fnal.gov

Please verify you have write-access to your own files with:
touch fred
If you don't have an error, you're in!

Important notes: Your kerberos ticket does not last forever! It generally lasts for up 26h, after which time you will not be able to log back in to ds50 and any existing logins will lose access to files.

At any time up to 26h, if you used the -r option to your original kinit command, you will be able to type:

kinit -R
to re-initialize your credentials.