LoginTutorial: Difference between revisions

From Mu2eWiki
Jump to navigation Jump to search
No edit summary
No edit summary
Line 1: Line 1:


To login to the central machines at Fermilab, you will need first need your [[ComputingAccounts|accounts created]].  This process may take a day or wo, and will result in three authentications:
To login to the central machines at Fermilab, you will need first need your [[ComputingAccounts|accounts created]].  This process may take a day or two, and will result in three authentications:
* kerberos used for loggins into central machines, among others
* kerberos used for loggins into central machines, among others
* a services account for email, servicedesk and other uses
* a services account for email, servicedesk and other uses
Line 8: Line 8:
If you are sitting at a Fermilab linux computer, you can use your kerberos login at the login screen.  If you are at a university computer with kerberos installed, you may or may not be able to obtain your kerberos authentication.  If you are already on a Fermilab desktop or a Mu2e central computer, you can get this authentication with:
If you are sitting at a Fermilab linux computer, you can use your kerberos login at the login screen.  If you are at a university computer with kerberos installed, you may or may not be able to obtain your kerberos authentication.  If you are already on a Fermilab desktop or a Mu2e central computer, you can get this authentication with:
  kinit <your user name>@FNAL.GOV
  kinit <your user name>@FNAL.GOV
If that is successful, you can login to the central systems:
  ssh <username>@mu2egpvm01.fnal.gov


If you have problems, please look through [[Authentication]] and the links it points to, in particular, if you are on a University machine, you might need to configure kerberos with a new krb5.conf file.   
If you have problems, please look through [[Authentication]] and the links it points to, in particular, if you are on a University machine, you might need to configure kerberos with a new krb5.conf file.   


If you are on a windows laptop, you will want to install [[ComputingLogin#Logging_in_From_PC.27s|Putty and xming]].  If you are on a Mac, see [[ComputingLogin#Logging_in_from_Linux_or_Mac.27s|Mac's]].
If you are on a windows laptop, you will want to install [[ComputingLogin#Logging_in_From_PC.27s|Putty and xming]].  PuTTy allows you to login in a terminal window on the central machines, and xming allows you to display xwindows back on your laptop. If you are on a Mac, see [[ComputingLogin#Logging_in_from_Linux_or_Mac.27s|Mac's]].


You probably want to try out your email, by going to email.fnal.gov and putting in your services password.  Some official communications are sent only to this address so check it regularly or forward it to a preferred account.
You probably want to try out your email, by going to email.fnal.gov and putting in your services password.  Some official communications are sent only to this address so check it regularly or forward it to a preferred account.
Line 29: Line 31:
If you stay logged on overnight, it will expire and you will need to renew it with '''kinit'''.
If you stay logged on overnight, it will expire and you will need to renew it with '''kinit'''.


You can use your kerberos identity to invoke your certifcate identity with '''kx509''.
You can use your kerberos identity to invoke your certificate identity with '''kx509'''.
<pre>
<pre>
  > kx509
  > kx509
Line 38: Line 40:
</pre>
</pre>


[https://fermi.service-now.com/kb_view.do?sysparm_article=KB0011548 download] your cert into your browsers.
You can see your cert with '''voms-proxy-info --all''':
<pre>
> voms-proxy-info --all
subject  : /DC=org/DC=cilogon/C=US/O=Fermi National Accelerator Laboratory/OU=People/CN=Raymond Culbertson/CN=UID:rlc
issuer    : /DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon Basic CA 1
identity  : /DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon Basic CA 1
type      : unknown
strength  : 2048 bits
path      : /tmp/x509up_u1311
timeleft  : 167:51:31
key usage : Digital Signature, Key Encipherment, Data Encipherment
</pre>
 
Your certificate can be extended with information about your experiment and the roles you have access to.  This can be done with a script
/cvmfs/mu2e.opensciencegrid.org/bin/vomsCert
If you then run '''voms-proxy-info --all''' you will see your cert has gotten longer. 
 
You will want to bring your certificate into your browsers since a few web pages, notably the Mu2e doc-db, are authenticated with the certificate.  [https://fermi.service-now.com/kb_view.do?sysparm_article=KB0011548 Download] your cert into your browsers.
 
You will want to create an account on [https://mu2e-hnews.fnal.gov/HyperNews/Mu2e/top.pl hypernews] and subscribe to topics that are relevant for you.
 


*kinit
*kx509
*vomsCert
*machine tour
*machine tour
*disk tour
*disk tour

Revision as of 18:35, 18 June 2019

To login to the central machines at Fermilab, you will need first need your accounts created. This process may take a day or two, and will result in three authentications:

  • kerberos used for loggins into central machines, among others
  • a services account for email, servicedesk and other uses
  • CILogin certificate, for submitting jobs, transferring and uploading data

You can read more about this at Authentication, which you should at least scan before continuing.

If you are sitting at a Fermilab linux computer, you can use your kerberos login at the login screen. If you are at a university computer with kerberos installed, you may or may not be able to obtain your kerberos authentication. If you are already on a Fermilab desktop or a Mu2e central computer, you can get this authentication with:

kinit <your user name>@FNAL.GOV

If that is successful, you can login to the central systems:

 ssh <username>@mu2egpvm01.fnal.gov

If you have problems, please look through Authentication and the links it points to, in particular, if you are on a University machine, you might need to configure kerberos with a new krb5.conf file.

If you are on a windows laptop, you will want to install Putty and xming. PuTTy allows you to login in a terminal window on the central machines, and xming allows you to display xwindows back on your laptop. If you are on a Mac, see Mac's.

You probably want to try out your email, by going to email.fnal.gov and putting in your services password. Some official communications are sent only to this address so check it regularly or forward it to a preferred account.

OK, from here on we will assume you are on a central machine.

You can see your ticket with the klist command:

 > klist
Ticket cache: FILE:/tmp/krb5cc_1311_xShHU10541
Default principal: rlc@FNAL.GOV

Valid starting     Expires            Service principal
06/18/19 12:58:54  06/19/19 14:58:50  krbtgt/FNAL.GOV@FNAL.GOV
        renew until 06/25/19 12:58:50

If you stay logged on overnight, it will expire and you will need to renew it with kinit.

You can use your kerberos identity to invoke your certificate identity with kx509.

 > kx509
Authorizing ...... authorized
Fetching certificate ..... fetched
Storing certificate in /tmp/x509up_u1311
Your certificate is valid until: Tue Jun 25 13:18:18 2019

You can see your cert with voms-proxy-info --all:

> voms-proxy-info --all
subject   : /DC=org/DC=cilogon/C=US/O=Fermi National Accelerator Laboratory/OU=People/CN=Raymond Culbertson/CN=UID:rlc
issuer    : /DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon Basic CA 1
identity  : /DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon Basic CA 1
type      : unknown
strength  : 2048 bits
path      : /tmp/x509up_u1311
timeleft  : 167:51:31
key usage : Digital Signature, Key Encipherment, Data Encipherment

Your certificate can be extended with information about your experiment and the roles you have access to. This can be done with a script

/cvmfs/mu2e.opensciencegrid.org/bin/vomsCert 

If you then run voms-proxy-info --all you will see your cert has gotten longer.

You will want to bring your certificate into your browsers since a few web pages, notably the Mu2e doc-db, are authenticated with the certificate. Download your cert into your browsers.

You will want to create an account on hypernews and subscribe to topics that are relevant for you.


  • machine tour
  • disk tour