Linux Labs now using Kerberos Authentication

On December 27th, 2018, we switched CAT managed Linux workstations in our major computer labs to use an authentication/encryption system called Kerberos when accessing your files. This change is designed to significantly enhance the security of our file servers as they interact with these workstations. While most general users of these systems should not notice [...]

2018-12-28T02:46:28+00:00December 28th, 2018|

Kerberos FAQ

What’s different in a Kerberos environment? (Frequently Asked Questions) SSH keys will not work as expected when remotely logging in We recommend against using them for remote access to our lab and desktop Linux systems. (Note that SSH keys will continue to work for data center hosted remote access Linux [...]

2018-12-28T17:27:37+00:00December 17th, 2018|

Cron Jobs and Kerberos

Cron Jobs and Kerberos If at all possible run your cron jobs on server machines that don’t use Kerberos authentication. If your cron job expects access to something in your home directory, or some other NFS resource, (which is probably will) you need to make sure you have a valid kerberos ticket for [...]

2018-12-14T14:31:59+00:00December 12th, 2018|

SSH and Kerberos

SSH and Kerberos Machines that are configured to use Kerberos for authentication are also configured to use kerberos authentication (GSS API) and delegation for outgoing SSH connections to other MCECS machines by default. This means that if you are physically logged into a workstation machine and you SSH to another computer you won't [...]

2018-12-13T15:23:57+00:00December 12th, 2018|

Renewing Your Kerberos Ticket

Automatically Renewing Your Kerberos Ticket If you are a user who tends to stay logged into a workstation for days at a time it can important to make sure you Kerberos ticket doesn’t expire. If your Kerberos ticket expires, simulations or other programs you are running won’t be able to access/write to data [...]

2018-12-28T17:30:32+00:00December 12th, 2018|

Initializing Your Kerberos Ticket

Initializing Your Kerberos Ticket Whenever you log into a workstation that uses Kerberos authentication, you’ll automatically be issued a Kerberos ticket. You can see if you have a Kerberos ticket by running klist in a terminal. If you have a Kerberos ticket you’ll see something like:   Ticket cache: FILE:/tmp/krb5cc_9999_prBsnY Default principal: user@CECS.PDX.EDU [...]

2019-01-09T17:28:40+00:00December 12th, 2018|

Understanding Kerberos

What Is Kerberos, and How Does It Work? Kerberos is basically a “trusted third party” that two different entities can use to validate the identity of the other with. Kerberos KDCs A kerberos Key Distribution Center (KDC) is the kerberos server that has a copy of a secret cryptographic key that [...]

2019-01-09T17:08:09+00:00December 12th, 2018|

Working with Kerberos

Working with Kerberos on MCECS Linux Systems Kerberos management commands quickref kinit - initialize a new Kerberos ticket krenew - renew an unexpired Kerberos ticket (works until renewal lifetime exceeded - 7 days) klist - show current Kerberos tickets and expiry times If you let your kerberos ticket expire past the [...]

2019-01-09T16:51:27+00:00December 12th, 2018|

Keeping your shell sessions persistent with Screen

Keeping your shell sessions persistent with Screen What is Screen? Screen is a program that facilitates the management of multiple shell sessions. When you run screen from a linux command line it will open a screen session on top of your current command line window, with a few important benefits. Benefits [...]

2018-07-25T12:20:34+00:00July 24th, 2018|

Linux – New things for Fall Term

Linux Versions Ubuntu Linux systems are running Xenial (1604). This includes: CS penguin (FAB 88-10) and particle (FAB 88-09) labs (aka and Linux Systems in the FAB MCECS General Lab (FAB 55-17) and RHEL 5 still runs on: RHEL 7 runs on Software: Faculty teaching classes [...]

2017-10-02T02:35:12+00:00October 2nd, 2017|