If you are not familiar with using kerberized ssh, you should do the following at the shell prompt:
kinit -A -r168h <assigned_user_name>@FNAL.GOVIf this is unsuccessful, you will need a suitable
/etc/(see example krb5.conf). If you do not have system-level access, you can copy this file locally and set an environment variable, e.g.:
Make sure you have a .ssh directory:
mkdir -p ~/.ssh && chmod 700 ~/.ssh/config
Next, make sure you have the following clause in your
.ssh/configfile. If it does not exist, create it with your favorite editor. If it does exist, make sure the following clause gets in before the "Host *" clause.
Host 131.225.* *.fnal.gov *soudan.org Protocol 2 GSSAPIAuthentication yes GSSAPIDelegateCredentials yes GSSAPIKeyExchange yes ForwardX11Trusted yes ForwardX11 yes
Now, you should be able to log in with:
ssh -l <assigned_user_name> ds50.fnal.gov
Please verify you have write-access to your own files with:
touch fredIf you don't have an error, you're in!
Important notes: Your kerberos ticket does not last forever! It generally lasts for up 26h, after which time you will not be able to log back in to
ds50 and any existing logins will lose access to files.
At any time up to 26h, if you used the
-r option to your original
kinit command, you will be able to type:
kinit -Rto re-initialize your credentials.