SSH and Kerberos
This page describes how to tackle the issue of CS managed machines (e.g. hulk and rocky) not allowing you to login without a password via SSH.
CentOS 6
Get the krb5.conf
CentOS has the Kerberos tools installed by default. So no need to install those. First we'll need the krb5.conf configuration file. We probably don't need the whole configuration prepared by the CS, but it doesn't hurt to have it around either. Let's steal the file from hulk (sorry, you'll still have to login with a password):
scp hulk:/etc/krb5.conf /etc/krb5.conf
If you are running as root, don't forget to prefix the command(s) with sudo.
Install AFS tools
In order to use the Kerberos credentials to access the AFS file system, we need to install some AFS tools. But first, add a repository with the packages of those tools:
vim /etc/yum.repos.d/openafs.repo
Copy the following lines to /etc/yum.repos.d/openafs.repo:
[openafs] name=OpenAFS 1.6.1 for RHEL $releasever - $basearch baseurl=http://dl.openafs.org/dl/openafs/1.6.1/rhel-$releasever/$basearch/ enabled=1 gpgcheck=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-OPENAFS priority=10
Now install the openafs-krb5 package:
yum install openafs-krb5
And finally, create a configuration file for the AFS tools:
echo "cs.stanford.edu" >> /usr/vice/etc/ThisCell
How to use it this?
Whenever you would like to log in to CS managed machines (e.g. hulk, rocky) just open a terminal and enter:
kinit your_cs_id
This command will obtain a Kerberos ticket for the account your_cs_id. Now you can login to the CS managed machines without using a password (provided that you are logging in as your_cs_id, of course).
If you would like to manually specify the lifetime of the Kerberos ticket, you can do it with the -l switch:
kinit -l 30d johns
The command above will issue a ticket with a lifetime of 30 days for the username johns.