1485
Comment:
|
← Revision 19 as of 2012-10-31 22:21:43 ⇥
1641
|
Deletions are marked like this. | Additions are marked like this. |
Line 1: | Line 1: |
#acl +Infolab:read,write,delete,evert All:read |
|
Line 4: | Line 2: |
Line 7: | Line 4: |
=== Configure your OS === | Please note that all the tools are already configured on [[Bruce]], [[Rambo]] and [[Zarya]]. |
Line 9: | Line 6: |
=== 1. Configure your OS === | |
Line 10: | Line 8: |
* Configure CentOS 5: SshKerberosCentos5 * Configure Mac OS X: SshKerberosMac * More OSs coming soon... |
|
Line 11: | Line 12: |
=== How to use it? === |
=== 2. Use the Kerberos tools === |
Line 14: | Line 14: |
Line 20: | Line 19: |
Line 26: | Line 24: |
kinit -l 30d johns | kinit -l 30d your_cs_id |
Line 28: | Line 26: |
Line 31: | Line 28: |
You can obtain a ticket for any username if you have a password for that usename (so my username is ''js'' on the local machine I can still obtain the ticket for my johns CS account). | You can obtain a ticket for any username if you have a password for that usename (so my username is ''js'' on the local machine I can still obtain the ticket for my johns CS account). |
Line 34: | Line 31: |
Line 40: | Line 36: |
Line 42: | Line 37: |
SSH and Kerberos
This page describes how to tackle the issue of CS managed machines (e.g. hulk and rocky) not allowing you to login without a password via SSH.
Please note that all the tools are already configured on Bruce, Rambo and Zarya.
1. Configure your OS
Configure CentOS 6: SshKerberosCentos6
Configure CentOS 5: SshKerberosCentos5
Configure Mac OS X: SshKerberosMac
- More OSs coming soon...
2. Use the Kerberos tools
Get a ticket
Whenever you would like to log in to CS managed machines (e.g. hulk, rocky) just open a terminal and enter:
kinit your_cs_id
This command will ask you for the password of your_cs_id and obtain a Kerberos ticket for the account your_cs_id. Now you can login to the CS managed machines without using a password (provided that you are logging in as your_cs_id, of course).
If you would like to manually specify the lifetime of the Kerberos ticket, you can do it with the -l switch:
kinit -l 30d your_cs_id
The command above will issue a ticket with a lifetime of 30 days for the username johns.
You can obtain a ticket for any username if you have a password for that usename (so my username is js on the local machine I can still obtain the ticket for my johns CS account).
Listing your tickets
You can list all of the tickets that you currently posses with the klist command:
klist
Deleting tickets
There may be a case when you do not need the Kerberos ticket any more and you want to delete. No problem, you can do this:
kdestroy