Project

General

Profile

Offsite Computing Issues

If you use computers with names that do not end in fnal.gov this page is for you.

Kerberos

Kerberos is needed for interactive shell access to FNAL machines and repository commits to Redmine projects.

System setup

Modify your /etc/krb5.conf file to add:

[libdefaults]
        allow_weak_crypto = true

Yes, weak.

And add a stanza for the FNAL.GOV realm

[realms]
        FNAL.GOV = {
          kdc = krb-fnal-1.fnal.gov
          kdc = krb-fnal-2.fnal.gov
          kdc = krb-fnal-3.fnal.gov
          kdc = krb-fnal-4.fnal.gov
          kdc = krb-fnal-5.fnal.gov
          admin_server = krb-fnal-admin.fnal.gov
        }

User setup

Add a stanza to your ~/.ssh/config file for the repository server:

host cdcvs.fnal.gov
  ForwardX11 = no
  GSSAPIAuthentication yes
  GSSAPIDelegateCredentials yes