HCoop Git - hcoop/zz_old/ikiwiki/blob - PasswordlessLogin.mdwn

   1 == How to log in to mire without typing your password ==
   2
   3 Zeroth, you must have openssh client 4.3 or later.  Other versions may work, but we make no guarantees.  You will also want the {{{krb5-user}}} package if you are using Debian or Ubuntu.
   4
   5
   6 Then, you must obtain kerberos tickets.  If your username is "fred", you would do this by typing
   7 {{{
   8    kinit fred@HCOOP.NET
   9 }}}
  10
  11 Then type your password when prompted. Note that you MUST capitalize HCOOP.NET and you MUST NOT capitalize your user name.  This is important.
  12
  13 Next, make sure you have your tickets.  To do this, type
  14 {{{
  15    klist
  16 }}}
  17 You should see your tickets and their expiration dates.
  18
  19 Last, type
  20 {{{
  21    ssh -o 'GSSAPIAuthentication yes' -o 'GSSAPIDelegateCredentials yes' mire.hcoop.net
  22 }}}
  23 (GSSAPI is sort of like Kerberos.  Don't worry about the difference at this point.)
  24
  25 If that doesn't work, add "`-vvv`" to the command line and copy and paste the ENTIRE output into an email to hcoop-discuss and we'll tell you what's up.
  26
  27 If you do this a lot, you can include the `GSSAPIAuthentication` and `GSSAPIDelegateCredentials` options in your `.ssh/config` file.  But you should NOT turn on `GSSAPIDelegateCredentials` for arbitrary hosts (make sure you only enable it for HCOOP hosts).  Here's what AdamMegacz uses:
  28
  29 {{{
  30 Host deleuze.hcoop.net
  31   ForwardX11Trusted yes
  32   GSSAPIAuthentication yes
  33   GSSAPIDelegateCredentials yes
  34   User megacz_admin
  35 Host mire.hcoop.net
  36   ForwardX11Trusted yes
  37   GSSAPIAuthentication yes
  38   GSSAPIDelegateCredentials yes
  39   User megacz_admin
  40 }}}
  41
  42 == If it doesn't work ==
  43
  44 See TroubleshootingKerberos