Adding Remote Control Rooms

To add a new control room:

  1. Request a new special use principle

The principle should take the form:

  1. Generate the actual keytab files for the new principal

This is done on a linux machine with the following command:

/usr/krb5/sbin/kadmin -p nova-controlroom-<INSTITUTION>/nova/ -q "ktadd -k nova-controlroom-<INSTITUTION>.keytab nova-controlroom-<INSTITUTION>/nova/" -w <password>

Where the Institution should be replaced with the name of the institution and the password is obtained from the security people via the service desk (they will email a one time use password). This will create a keytab file called "nova-controlroom-<INSTITUTION>.keytab" which can be used to generate the kerberos tickets.


/usr/krb5/sbin/kadmin -p nova-controlroom-indiana/nova/        -q "ktadd -k nova-controlroom-indiana.keytab nova-controlroom-indiana/nova/" -w Fus734Suf992

Add this principal to the .k5login of the novacr01 account on the gateway machine

Gateway Account Access to
novadaq-far-gateway-01 novacr01,02,03,04 novadaq at fardet/neardet

Note: the .k5login file is owned by root. You must have root access. The .k5login is HARD linked to the .k5login in each of the other DAQ accounts (novacr02, novacr03, etc...)