On December 27th, 2018, we switched CAT managed Linux workstations in our major computer labs to use an authentication/encryption system called Kerberos when accessing your files. This change is designed to significantly enhance the security of our file servers as they interact with these workstations. While most general users of these systems should not notice [...]
What’s different in a Kerberos environment? (Frequently Asked Questions) SSH keys will not work as expected when remotely logging in We recommend against using them for remote access to our lab and desktop Linux systems. (Note that SSH keys will continue to work for data center hosted remote access Linux [...]
Cron Jobs and Kerberos If at all possible run your cron jobs on server machines that don’t use Kerberos authentication. If your cron job expects access to something in your home directory, or some other NFS resource, (which is probably will) you need to make sure you have a valid kerberos ticket for [...]
SSH and Kerberos Machines that are configured to use Kerberos for authentication are also configured to use kerberos authentication (GSS API) and delegation for outgoing SSH connections to other MCECS machines by default. This means that if you are physically logged into a workstation machine and you SSH to another computer you won't [...]
Automatically Renewing Your Kerberos Ticket If you are a user who tends to stay logged into a workstation for days at a time it can important to make sure you Kerberos ticket doesn’t expire. If your Kerberos ticket expires, simulations or other programs you are running won’t be able to access/write to data [...]
Initializing Your Kerberos Ticket Whenever you log into a workstation that uses Kerberos authentication, you’ll automatically be issued a Kerberos ticket. You can see if you have a Kerberos ticket by running klist in a terminal. If you have a Kerberos ticket you’ll see something like: Ticket cache: FILE:/tmp/krb5cc_9999_prBsnY Default principal: user@CECS.PDX.EDU [...]
What Is Kerberos, and How Does It Work? Kerberos is basically a “trusted third party” that two different entities can use to validate the identity of the other with. Kerberos KDCs A kerberos Key Distribution Center (KDC) is the kerberos server that has a copy of a secret cryptographic key that [...]
Working with Kerberos on MCECS Linux Systems Kerberos management commands quickref kinit - initialize a new Kerberos ticket krenew - renew an unexpired Kerberos ticket (works until renewal lifetime exceeded - 7 days) klist - show current Kerberos tickets and expiry times If you let your kerberos ticket expire past the [...]
Keeping your shell sessions persistent with Screen What is Screen? Screen is a program that facilitates the management of multiple shell sessions. When you run screen from a linux command line it will open a screen session on top of your current command line window, with a few important benefits. Benefits [...]
Linux Versions Ubuntu Linux systems are running Xenial (1604). This includes: CS penguin (FAB 88-10) and particle (FAB 88-09) labs ada.cs.pdx.edu (aka linux.cs.pdx.edu) and babbage.cs.pdx.edu Linux Systems in the FAB MCECS General Lab (FAB 55-17) ruby.cat.pdx.edu and rita.cat.pdx.edu RHEL 5 still runs on: eve.ece.pdx.edu walle.ece.pdx.edu archive.cecs.pdx.edu RHEL 7 runs on mo.ece.pdx.edu Software: Faculty teaching classes [...]