Strong Authentication at Fermilab
Strong authentication is a form of computer security in which the identities
of networked users, clients and servers are verified without transmitting
passwords over the network.
The Kerberos Network Authentication Service V5 is the network
authentication program that implements strong
authentication. In addition to establishing identity (authentication), it
supports encrypted network connections, thereby providing confidentiality.
Fermilab employs Kerberos to authenticate users who want to access
computer systems at the lab. A user must have a valid Kerberos
ticket before logging in to a machine. Tickets can be obtained by
using the kinit client application on the user's workstation, or the
user may obtain a ticket during the login process by using a
CRYPTOCard. Tickets expire in 24 hours, but generally can be
renewed before expiration for a period of 7 days. Only users who
have current (unexpired) Kerberos principals issued by Fermilab can
obtain Kerberos tickets.
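The ticket lifetime rules above can be checked before starting a long session. The following is an added example, not code from Fermilab: it parses MIT-style `klist` output and reports whether the ticket is fine, should be renewed with `kinit -R`, or requires a fresh `kinit`. The sample output, the user `alice`, the realm `EXAMPLE.ORG`, the timestamp layout and the function names are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of MIT-style `klist` output; user and realm are placeholders.
SAMPLE_KLIST = """\
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: alice@EXAMPLE.ORG

Valid starting       Expires              Service principal
03/01/2024 09:00:00  03/02/2024 09:00:00  krbtgt/EXAMPLE.ORG@EXAMPLE.ORG
\trenew until 03/08/2024 09:00:00
"""

TS = r"(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})"   # assumed timestamp layout
FMT = "%m/%d/%Y %H:%M:%S"


def parse_tgt(text):
    """Return (start, expires, renew_until) for the krbtgt entry, else None."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = re.match(r"\s*" + TS + r"\s+" + TS + r"\s+krbtgt/", line)
        if not m:
            continue
        start, expires = (datetime.strptime(g, FMT) for g in m.groups())
        # The renewable limit, if any, is on the line directly below the entry.
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        r = re.match(r"\s*renew until " + TS, nxt)
        return start, expires, datetime.strptime(r.group(1), FMT) if r else None
    return None


def ticket_action(text, now, margin=timedelta(hours=1)):
    """Return 'ok', 'renew' (run kinit -R) or 'kinit' (authenticate again)."""
    tgt = parse_tgt(text)
    if tgt is None:
        return "kinit"                      # no ticket-granting ticket cached
    _, expires, renew_until = tgt
    if now >= expires:
        return "kinit"                      # an expired ticket cannot be renewed
    if expires - now > margin:
        return "ok"
    # Renewal only helps if the renewable window extends past the current expiry.
    if renew_until is not None and renew_until > expires:
        return "renew"
    return "kinit"


if __name__ == "__main__":
    print(ticket_action(SAMPLE_KLIST, datetime(2024, 3, 2, 8, 30)))
```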
Kerberos clients include telnet, ftp, rsh, rcp, rlogin, and, if
specially built, ssh and slogin. All of these clients can encrypt
communications.
All computer users at Fermilab have the responsibility to understand the
broad outlines of
Fermilab's Policy on Computing, and to comply
with the policy.
Please refer to the following web page for more technical details:
Introduction to Strong Authentication
Obtaining a New User Account
Kerberos authentication is required in order to access the lattice QCD computing
facilities at Fermilab. For remote users, the following are required:
- Fermilab Visitor ID
- Fermilab Kerberos Principal
- Unix User Accounts on the Home Machines, lqcd.fnal.gov and kaon1.fnal.gov.
Fermilab Visitor ID and Kerberos Principal
If you have previously used computers at Fermilab, you may already have a
Visitor ID. Use the Fermilab
telephone directory search
pages to look for your name. If an entry exists for you and that entry lists
a Visitor ID number, record that number for filling out the application form.
The details regarding the Visitor ID application process for a Non-Employee Off-Site Fermilab User can be found at:
http://computing.fnal.gov/xms/Services/Getting_Services/Accounts_and_Passwords
You will need to submit the online application form for a Visitor ID and/or Kerberos principal at:
http://computing.fnal.gov/cgi-bin/remedy/Remote.pl. In the pulldown menu for
"Fermilab Experiment, Division or Section affiliation", select "Lattice QCD".
You should check the boxes for a Kerberos Principal and for a CRYPTOCard. We
can ship your CRYPTOCard to you.
Unix Account on LQCD
After you have received mail with information about your Kerberos principal,
send mail to lqcd-admin@fnal.gov to request an account on the
LQCD clusters.