IEPM

Using Kerberized SSH to Access Fermilab

SLAC Home Page

You can't give a password to access FNAL. The only options are pre-authentication with kerberos5 or use a cryto card. Either way you have first got to obtain a principal. Once you have obtained your kerberos5 credentials, you need to set up the environment. From any SLAC unix machine,
cp ~warrenm/krb5.conf .
setenv KRB5_CONFIG ~/krb5.conf
setenv PATH /afs/slac.stanford.edu/package/heimdal/@sys/bin:$PATH
and pre-authenticate
kinit or kinit user@FNAL.GOV
then you should be able to access fermilab machines, eg
telnet -a dmzmon0.deemz.net
Kerberized SSH is also available. From Antonia, try
/usr/krb5/bin/ssh dmzmon0.deemz.net
We have resolved the issue with taylor removing the /usr/krb5 directory overnight.

To run cron on the Fermilab machines, .k5login warrenm/cron/dmzmon0.deemz.net@FNAL.GOV kcroninit trscrontab For further details, see the section in the manual on Automated Processes


Created May 23, 2002. Last Updated July 12, 2002.
Comments to iepm-l@slac.stanford.edu