[hcoop/zz_old/ikiwiki] / PasswordlessLogin.mdwn

== How to log in to mire without typing your password ==\r
\r
Zeroth, you must have openssh client 4.3 or later.  Other versions may work, but we make no guarantees.  You will also want the {{{krb5-user}}} package if you are using Debian or Ubuntu.\r
\r
\r
Then, you must obtain kerberos tickets.  If your username is "fred", you would do this by typing\r
{{{\r
   kinit fred@HCOOP.NET\r
}}}\r
\r
Then type your password when prompted. Note that you MUST capitalize HCOOP.NET and you MUST NOT capitalize your user name.  This is important.\r
\r
Next, make sure you have your tickets.  To do this, type\r
{{{\r
   klist\r
}}}\r
You should see your tickets and their expiration dates.\r
\r
Last, type\r
{{{\r
   ssh -o 'GSSAPIAuthentication yes' -o 'GSSAPIDelegateCredentials yes' mire.hcoop.net\r
}}}\r
(GSSAPI is sort of like Kerberos.  Don't worry about the difference at this point.)\r
\r
If that doesn't work, add "`-vvv`" to the command line and copy and paste the ENTIRE output into an email to hcoop-discuss and we'll tell you what's up.\r
\r
If you do this a lot, you can include the `GSSAPIAuthentication` and `GSSAPIDelegateCredentials` options in your `.ssh/config` file.  But you should NOT turn on `GSSAPIDelegateCredentials` for arbitrary hosts (make sure you only enable it for HCOOP hosts).  Here's what AdamMegacz uses:\r
\r
{{{\r
Host deleuze.hcoop.net\r
  ForwardX11Trusted yes\r
  GSSAPIAuthentication yes\r
  GSSAPIDelegateCredentials yes\r
  User megacz_admin\r
Host mire.hcoop.net\r
  ForwardX11Trusted yes\r
  GSSAPIAuthentication yes\r
  GSSAPIDelegateCredentials yes\r
  User megacz_admin\r
}}}\r
\r
== If it doesn't work ==\r
\r
See TroubleshootingKerberos\r
Commit	Line	Data
ee25310d	1	== How to log in to mire without typing your password ==\r
	2	\r
	3	Zeroth, you must have openssh client 4.3 or later. Other versions may work, but we make no guarantees. You will also want the {{{krb5-user}}} package if you are using Debian or Ubuntu.\r
	4	\r
	5	\r
	6	Then, you must obtain kerberos tickets. If your username is "fred", you would do this by typing\r
	7	{{{\r
	8	kinit fred@HCOOP.NET\r
	9	}}}\r
	10	\r
	11	Then type your password when prompted. Note that you MUST capitalize HCOOP.NET and you MUST NOT capitalize your user name. This is important.\r
	12	\r
	13	Next, make sure you have your tickets. To do this, type\r
	14	{{{\r
	15	klist\r
	16	}}}\r
	17	You should see your tickets and their expiration dates.\r
	18	\r
	19	Last, type\r
	20	{{{\r
	21	ssh -o 'GSSAPIAuthentication yes' -o 'GSSAPIDelegateCredentials yes' mire.hcoop.net\r
	22	}}}\r
	23	(GSSAPI is sort of like Kerberos. Don't worry about the difference at this point.)\r
	24	\r
	25	If that doesn't work, add "`-vvv`" to the command line and copy and paste the ENTIRE output into an email to hcoop-discuss and we'll tell you what's up.\r
	26	\r
	27	If you do this a lot, you can include the `GSSAPIAuthentication` and `GSSAPIDelegateCredentials` options in your `.ssh/config` file. But you should NOT turn on `GSSAPIDelegateCredentials` for arbitrary hosts (make sure you only enable it for HCOOP hosts). Here's what AdamMegacz uses:\r
	28	\r
	29	{{{\r
	30	Host deleuze.hcoop.net\r
	31	ForwardX11Trusted yes\r
	32	GSSAPIAuthentication yes\r
	33	GSSAPIDelegateCredentials yes\r
	34	User megacz_admin\r
	35	Host mire.hcoop.net\r
	36	ForwardX11Trusted yes\r
	37	GSSAPIAuthentication yes\r
	38	GSSAPIDelegateCredentials yes\r
	39	User megacz_admin\r
	40	}}}\r
	41	\r
	42	== If it doesn't work ==\r
	43	\r
	44	See TroubleshootingKerberos\r