ee25310d |
1 | == How to log in to mire without typing your password ==\r |
2 | \r |
3 | Zeroth, you must have openssh client 4.3 or later. Other versions may work, but we make no guarantees. You will also want the {{{krb5-user}}} package if you are using Debian or Ubuntu.\r |
4 | \r |
5 | \r |
6 | Then, you must obtain kerberos tickets. If your username is "fred", you would do this by typing\r |
7 | {{{\r |
8 | kinit fred@HCOOP.NET\r |
9 | }}}\r |
10 | \r |
11 | Then type your password when prompted. Note that you MUST capitalize HCOOP.NET and you MUST NOT capitalize your user name. This is important.\r |
12 | \r |
13 | Next, make sure you have your tickets. To do this, type\r |
14 | {{{\r |
15 | klist\r |
16 | }}}\r |
17 | You should see your tickets and their expiration dates.\r |
18 | \r |
19 | Last, type\r |
20 | {{{\r |
21 | ssh -o 'GSSAPIAuthentication yes' -o 'GSSAPIDelegateCredentials yes' mire.hcoop.net\r |
22 | }}}\r |
23 | (GSSAPI is sort of like Kerberos. Don't worry about the difference at this point.)\r |
24 | \r |
25 | If that doesn't work, add "`-vvv`" to the command line and copy and paste the ENTIRE output into an email to hcoop-discuss and we'll tell you what's up.\r |
26 | \r |
27 | If you do this a lot, you can include the `GSSAPIAuthentication` and `GSSAPIDelegateCredentials` options in your `.ssh/config` file. But you should NOT turn on `GSSAPIDelegateCredentials` for arbitrary hosts (make sure you only enable it for HCOOP hosts). Here's what AdamMegacz uses:\r |
28 | \r |
29 | {{{\r |
30 | Host deleuze.hcoop.net\r |
31 | ForwardX11Trusted yes\r |
32 | GSSAPIAuthentication yes\r |
33 | GSSAPIDelegateCredentials yes\r |
34 | User megacz_admin\r |
35 | Host mire.hcoop.net\r |
36 | ForwardX11Trusted yes\r |
37 | GSSAPIAuthentication yes\r |
38 | GSSAPIDelegateCredentials yes\r |
39 | User megacz_admin\r |
40 | }}}\r |
41 | \r |
42 | == If it doesn't work ==\r |
43 | \r |
44 | See TroubleshootingKerberos\r |