--- /dev/null
+== How to log in to mire without typing your password ==\r
+\r
+Zeroth, you must have openssh client 4.3 or later. Other versions may work, but we make no guarantees. You will also want the {{{krb5-user}}} package if you are using Debian or Ubuntu.\r
+\r
+\r
+Then, you must obtain kerberos tickets. If your username is "fred", you would do this by typing\r
+{{{\r
+ kinit fred@HCOOP.NET\r
+}}}\r
+\r
+Then type your password when prompted. Note that you MUST capitalize HCOOP.NET and you MUST NOT capitalize your user name. This is important.\r
+\r
+Next, make sure you have your tickets. To do this, type\r
+{{{\r
+ klist\r
+}}}\r
+You should see your tickets and their expiration dates.\r
+\r
+Last, type\r
+{{{\r
+ ssh -o 'GSSAPIAuthentication yes' -o 'GSSAPIDelegateCredentials yes' mire.hcoop.net\r
+}}}\r
+(GSSAPI is sort of like Kerberos. Don't worry about the difference at this point.)\r
+\r
+If that doesn't work, add "`-vvv`" to the command line and copy and paste the ENTIRE output into an email to hcoop-discuss and we'll tell you what's up.\r
+\r
+If you do this a lot, you can include the `GSSAPIAuthentication` and `GSSAPIDelegateCredentials` options in your `.ssh/config` file. But you should NOT turn on `GSSAPIDelegateCredentials` for arbitrary hosts (make sure you only enable it for HCOOP hosts). Here's what AdamMegacz uses:\r
+\r
+{{{\r
+Host deleuze.hcoop.net\r
+ ForwardX11Trusted yes\r
+ GSSAPIAuthentication yes\r
+ GSSAPIDelegateCredentials yes\r
+ User megacz_admin\r
+Host mire.hcoop.net\r
+ ForwardX11Trusted yes\r
+ GSSAPIAuthentication yes\r
+ GSSAPIDelegateCredentials yes\r
+ User megacz_admin\r
+}}}\r
+\r
+== If it doesn't work ==\r
+\r
+See TroubleshootingKerberos\r
HCoop / hcoop / zz_old / ikiwiki / blobdiff