LoginTutorial: Difference between revisions
No edit summary |
No edit summary |
||
Line 1: | Line 1: | ||
To login to the central machines at Fermilab, you will need first need your [[ComputingAccounts|accounts created]]. This process may take a day or | To login to the central machines at Fermilab, you will need first need your [[ComputingAccounts|accounts created]]. This process may take a day or two, and will result in three authentications: | ||
* kerberos used for loggins into central machines, among others | * kerberos used for loggins into central machines, among others | ||
* a services account for email, servicedesk and other uses | * a services account for email, servicedesk and other uses | ||
Line 8: | Line 8: | ||
If you are sitting at a Fermilab linux computer, you can use your kerberos login at the login screen. If you are at a university computer with kerberos installed, you may or may not be able to obtain your kerberos authentication. If you are already on a Fermilab desktop or a Mu2e central computer, you can get this authentication with: | If you are sitting at a Fermilab linux computer, you can use your kerberos login at the login screen. If you are at a university computer with kerberos installed, you may or may not be able to obtain your kerberos authentication. If you are already on a Fermilab desktop or a Mu2e central computer, you can get this authentication with: | ||
kinit <your user name>@FNAL.GOV | kinit <your user name>@FNAL.GOV | ||
If that is successful, you can login to the central systems: | |||
ssh <username>@mu2egpvm01.fnal.gov | |||
If you have problems, please look through [[Authentication]] and the links it points to, in particular, if you are on a University machine, you might need to configure kerberos with a new krb5.conf file. | If you have problems, please look through [[Authentication]] and the links it points to, in particular, if you are on a University machine, you might need to configure kerberos with a new krb5.conf file. | ||
If you are on a windows laptop, you will want to install [[ComputingLogin#Logging_in_From_PC.27s|Putty and xming]]. If you are on a Mac, see [[ComputingLogin#Logging_in_from_Linux_or_Mac.27s|Mac's]]. | If you are on a windows laptop, you will want to install [[ComputingLogin#Logging_in_From_PC.27s|Putty and xming]]. PuTTy allows you to login in a terminal window on the central machines, and xming allows you to display xwindows back on your laptop. If you are on a Mac, see [[ComputingLogin#Logging_in_from_Linux_or_Mac.27s|Mac's]]. | ||
You probably want to try out your email, by going to email.fnal.gov and putting in your services password. Some official communications are sent only to this address so check it regularly or forward it to a preferred account. | You probably want to try out your email, by going to email.fnal.gov and putting in your services password. Some official communications are sent only to this address so check it regularly or forward it to a preferred account. | ||
Line 29: | Line 31: | ||
If you stay logged on overnight, it will expire and you will need to renew it with '''kinit'''. | If you stay logged on overnight, it will expire and you will need to renew it with '''kinit'''. | ||
You can use your kerberos identity to invoke your | You can use your kerberos identity to invoke your certificate identity with '''kx509'''. | ||
<pre> | <pre> | ||
> kx509 | > kx509 | ||
Line 38: | Line 40: | ||
</pre> | </pre> | ||
[https://fermi.service-now.com/kb_view.do?sysparm_article=KB0011548 | You can see your cert with '''voms-proxy-info --all''': | ||
<pre> | |||
> voms-proxy-info --all | |||
subject : /DC=org/DC=cilogon/C=US/O=Fermi National Accelerator Laboratory/OU=People/CN=Raymond Culbertson/CN=UID:rlc | |||
issuer : /DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon Basic CA 1 | |||
identity : /DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon Basic CA 1 | |||
type : unknown | |||
strength : 2048 bits | |||
path : /tmp/x509up_u1311 | |||
timeleft : 167:51:31 | |||
key usage : Digital Signature, Key Encipherment, Data Encipherment | |||
</pre> | |||
Your certificate can be extended with information about your experiment and the roles you have access to. This can be done with a script | |||
/cvmfs/mu2e.opensciencegrid.org/bin/vomsCert | |||
If you then run '''voms-proxy-info --all''' you will see your cert has gotten longer. | |||
You will want to bring your certificate into your browsers since a few web pages, notably the Mu2e doc-db, are authenticated with the certificate. [https://fermi.service-now.com/kb_view.do?sysparm_article=KB0011548 Download] your cert into your browsers. | |||
You will want to create an account on [https://mu2e-hnews.fnal.gov/HyperNews/Mu2e/top.pl hypernews] and subscribe to topics that are relevant for you. | |||
*machine tour | *machine tour | ||
*disk tour | *disk tour |
Revision as of 18:35, 18 June 2019
To login to the central machines at Fermilab, you will need first need your accounts created. This process may take a day or two, and will result in three authentications:
- kerberos used for loggins into central machines, among others
- a services account for email, servicedesk and other uses
- CILogin certificate, for submitting jobs, transferring and uploading data
You can read more about this at Authentication, which you should at least scan before continuing.
If you are sitting at a Fermilab linux computer, you can use your kerberos login at the login screen. If you are at a university computer with kerberos installed, you may or may not be able to obtain your kerberos authentication. If you are already on a Fermilab desktop or a Mu2e central computer, you can get this authentication with:
kinit <your user name>@FNAL.GOV
If that is successful, you can login to the central systems:
ssh <username>@mu2egpvm01.fnal.gov
If you have problems, please look through Authentication and the links it points to, in particular, if you are on a University machine, you might need to configure kerberos with a new krb5.conf file.
If you are on a windows laptop, you will want to install Putty and xming. PuTTy allows you to login in a terminal window on the central machines, and xming allows you to display xwindows back on your laptop. If you are on a Mac, see Mac's.
You probably want to try out your email, by going to email.fnal.gov and putting in your services password. Some official communications are sent only to this address so check it regularly or forward it to a preferred account.
OK, from here on we will assume you are on a central machine.
You can see your ticket with the klist command:
> klist Ticket cache: FILE:/tmp/krb5cc_1311_xShHU10541 Default principal: rlc@FNAL.GOV Valid starting Expires Service principal 06/18/19 12:58:54 06/19/19 14:58:50 krbtgt/FNAL.GOV@FNAL.GOV renew until 06/25/19 12:58:50
If you stay logged on overnight, it will expire and you will need to renew it with kinit.
You can use your kerberos identity to invoke your certificate identity with kx509.
> kx509 Authorizing ...... authorized Fetching certificate ..... fetched Storing certificate in /tmp/x509up_u1311 Your certificate is valid until: Tue Jun 25 13:18:18 2019
You can see your cert with voms-proxy-info --all:
> voms-proxy-info --all subject : /DC=org/DC=cilogon/C=US/O=Fermi National Accelerator Laboratory/OU=People/CN=Raymond Culbertson/CN=UID:rlc issuer : /DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon Basic CA 1 identity : /DC=org/DC=cilogon/C=US/O=CILogon/CN=CILogon Basic CA 1 type : unknown strength : 2048 bits path : /tmp/x509up_u1311 timeleft : 167:51:31 key usage : Digital Signature, Key Encipherment, Data Encipherment
Your certificate can be extended with information about your experiment and the roles you have access to. This can be done with a script
/cvmfs/mu2e.opensciencegrid.org/bin/vomsCert
If you then run voms-proxy-info --all you will see your cert has gotten longer.
You will want to bring your certificate into your browsers since a few web pages, notably the Mu2e doc-db, are authenticated with the certificate. Download your cert into your browsers.
You will want to create an account on hypernews and subscribe to topics that are relevant for you.
- machine tour
- disk tour