ARSC Kerberos/SecurID Login Procedures

Topics:

• Console Login to ARSC Workstations
• Remote Login to ARSC Systems
• Changing Your Kerberos Passphrase
• Changing Your SecurID PIN

Console Login to ARSC Workstations

All access to ARSC systems is controlled by Kerberos5/SecurID. This includes locally logging in to any ARSC system at the console. To login using the Kerberos5/SecurID enhanced XDM:

1. Move the mouse around to wakeup the screensaver. You should see a dialog box similar to this:

   delta.arsc.edu(Irix 6.5)
   Login: Principle: Password:

2. Respond as follows:

   'Login:'

   Enter your standard ARSC UserID.

   'Principle:'

   Leave this blank. It is only needed if you are authenticating with a remote server (for example: joe@HPCMP.HPC.MIL).

   'Password:'

   Enter your Kerberos passphrase.

   'Passcode:'

   After you have entered your Kerberos passphrase, this prompt will appear. Obtain your 6-digit passcode by entering your 5-digit PIN into your SecurID card, and pressing the diamond-shaped key. Your card should now be displaying a valid 6-digit passcode.

3. If your authentication was successful, your workstation will now finish logging you in and will bring up your desktop environment. Your workstation also has all of the Kerberized clients on it (ktelnet, krlogin,kftp, etc.) so that you can connect to other ARSC systems.
4. If you have to leave your workstation while logged in, be sure to invoke the screen-locking application by giving the xlock command. To clear xlock you will again need to supply your Kerberos5 passphrase and a new, valid SecurID passcode.

Remote login to ARSC systems

Since access to all ARSC systems is controlled by Kerberos5/SecurID, you will need to install a local copy of the HPCMP Kerberos5/SecurID client onto your personal workstation.

Kerberos5/SecurID

Please refer to our Obtaining and Installing Kerberos5 Clients page for information on where and how to obtain the Kerberos5/SecurID clients for your system.

Following the instructions for your specific system found in the Usage section of Obtaining and Installing Kerberos5 Clients, obtain a valid Kerberos5 ticket and then open a connection to an ARSC system. Available ARSC systems are listed on our Real-Time Host Status page.

Changing Your Kerberos Passphrase

Unix/Linux Clients:

The "kpasswd" command is used to change your existing Kerberos passphrase. To change your passphrase, obtain a Kerberos ticket then log onto an ARSC system and invoke the "kpasswd" command. For instance:

$ kpasswd user@ARSC.EDU

You will be prompted for your old passphrase, a new passcode from your SecurID card, and finally, the new desired passphrase (twice).

PC Clients:

Click the "change password" button in the "KRB5.EXE" dialog window.

Common Problems:

• Firewalls:

  If you're behind a firewall, note that while port 88 must be opened up to use kinit, ktelnet, and krlogin, an additional port, 749, must be opened up to use kpasswd.

• Misleading error messages:

  Entering a bad passcode can result in a message like this:

  kpasswd: Cannot establish a session with the Kerberos administrative server for realm ARSC.EDU.

Changing Your SecurID PIN

You may reset your PIN by contacting User Support. If you suspect your current PIN has been compromised or you have forgotten it, please contact User Support as soon as possible.

More Information

• Contact User Support if you encounter any problems.

 

Arctic Region Supercomputing Center
PO Box 756020, Fairbanks, AK 99775 | voice: 907-450-8600 | email:

home | search | about | support | news | science | resources