Infolab wiki|
Size: 1485
Comment:
|
← Revision 19 as of 2012-10-31 22:21:43 ⇥
Size: 1641
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 1: | Line 1: |
| #acl +Infolab:read,write,delete,evert All:read |
|
| Line 4: | Line 2: |
| Line 7: | Line 4: |
| === Configure your OS === | Please note that all the tools are already configured on [[Bruce]], [[Rambo]] and [[Zarya]]. |
| Line 9: | Line 6: |
| === 1. Configure your OS === | |
| Line 10: | Line 8: |
| * Configure CentOS 5: SshKerberosCentos5 * Configure Mac OS X: SshKerberosMac * More OSs coming soon... |
|
| Line 11: | Line 12: |
| === How to use it? === |
=== 2. Use the Kerberos tools === |
| Line 14: | Line 14: |
| Line 20: | Line 19: |
| Line 26: | Line 24: |
| kinit -l 30d johns | kinit -l 30d your_cs_id |
| Line 28: | Line 26: |
| Line 31: | Line 28: |
| You can obtain a ticket for any username if you have a password for that usename (so my username is ''js'' on the local machine I can still obtain the ticket for my johns CS account). | You can obtain a ticket for any username if you have a password for that usename (so my username is ''js'' on the local machine I can still obtain the ticket for my johns CS account). |
| Line 34: | Line 31: |
| Line 40: | Line 36: |
| Line 42: | Line 37: |
SSH and Kerberos
This page describes how to tackle the issue of CS managed machines (e.g. hulk and rocky) not allowing you to login without a password via SSH.
Please note that all the tools are already configured on Bruce, Rambo and Zarya.
1. Configure your OS
Configure CentOS 6: SshKerberosCentos6
Configure CentOS 5: SshKerberosCentos5
Configure Mac OS X: SshKerberosMac
- More OSs coming soon...
2. Use the Kerberos tools
Get a ticket
Whenever you would like to log in to CS managed machines (e.g. hulk, rocky) just open a terminal and enter:
kinit your_cs_id
This command will ask you for the password of your_cs_id and obtain a Kerberos ticket for the account your_cs_id. Now you can login to the CS managed machines without using a password (provided that you are logging in as your_cs_id, of course).
If you would like to manually specify the lifetime of the Kerberos ticket, you can do it with the -l switch:
kinit -l 30d your_cs_id
The command above will issue a ticket with a lifetime of 30 days for the username johns.
You can obtain a ticket for any username if you have a password for that usename (so my username is js on the local machine I can still obtain the ticket for my johns CS account).
Listing your tickets
You can list all of the tickets that you currently posses with the klist command:
klist
Deleting tickets
There may be a case when you do not need the Kerberos ticket any more and you want to delete. No problem, you can do this:
kdestroy