FNAL - LQCD Documentation

New Users / Account Renewal

1. Obtaining a New User Account

2. Renewing your Visitor ID and Kerberos principal

3. Changing your Kerberos password

1. Obtaining a New User Account

Kerberos authentication is required in order to access the Lattice QCD computing facilities at Fermilab. For remote users, the following are required:

  • Fermilab Visitor ID
  • Fermilab Kerberos Principal
  • Unix accounts on the LQCD cluster machines

Step 1. Fermilab Visitor ID and Kerberos Principal

If you have previously used computers at Fermilab, you may already have a Visitor ID. Use the Fermilab telephone directory search pages to look for your name. If an entry exists for you and that entry lists a Visitor ID number, record that number for filling out the application form. The details regarding the Visitor ID application process for a Non-Employee Off-Site Fermilab User can be found at this link (please see the section for Off-site Visitors).

If you have never had a Fermilab Visitor ID, you will need to submit the online application form for a Visitor ID and Kerberos principal using this link. In the pulldown menu under "Provide your affiliation", select "Lattice QCD". Important - For Fermilab contact name, please list 'Paul Mackenzie'. For Fermilab contact phone, please list 'x3347'. And for Fermilab contact email, please list 'mackenzie@fnal.gov'.

If you have requested or wish to request an RSA SecurID, please email us at lqcd-admin@fnal.gov. We can ship your RSA SecurID to you. What is an RSA SecurID?

Step 2. Unix accounts on the LQCD cluster machines

After you have received email with information about your Kerberos principal and RSA SecurID (if you requested one), send email to lqcd-admin@fnal.gov to request an account on the LQCD clusters. In the email, mention your Kerberos principal, identify your project affiliation using the current year allocation table listed here, and provide the mailing address to which we can send your RSA SecurID (if you requested one).

2. Renewing your Visitor ID and Kerberos principal

Your Fermilab ID and computer privileges expire at different intervals depending on your classification (employee, contractor, on-site or off-site visitor). If you have received an email from the Fermilab Service Desk about a soon-to-expire or expired Fermilab Visitor ID and computer privileges, follow the two steps listed below to renew your VID and Kerberos principal. Please note that even when your ID and computer privileges expire, we do not erase any user data stored on the Fermilab LQCD clusters.

If you need to find your VID number, use the Fermilab telephone directory search pages to look for your name. If an entry exists for you and that entry lists a Visitor ID number, record that number for filling out the application

Step 1. Re-read the Fermilab Policy on Computing.

Step 2. Fill out this form to renew your Visitor ID. In the pulldown menu under "Provide your affiliation", select "Lattice QCD". Important - For Fermilab contact name, please list 'Paul Mackenzie'. For Fermilab contact phone, please list 'x3347'. And for Fermilab contact email, please list 'mackenzie@fnal.gov'.

If you still need further assistance, please email us at lqcd-admin@fnal.gov.

3. Changing your Kerberos password

A month before your Kerberos password is set to expire you will receive a reminder email from the Fermilab Service Desk requesting you to change your password as soon as you can. Please do not ignore this reminder email and act upon it as soon as possible since you will lose remote login privileges to the USQCD cluster resources at Fermilab once your Kerberos password has expired.

Follow the instructions for changing your Kerberos password as listed in the "Strong Authentication at Fermilab" manual section 3.3 "Changing your Kerberos Password". Additional notes to pay attention to are appended below:

  • If you don't have an appropriate machine on which to change your password, find someone who does, and borrow his or her command prompt.
  • Do not use a telnet session with RSA SecurID authentication to change your password. Telnet with RSA SecurID authentication uses a clear text session so any password sent can be easily viewed by someone using network sniffer software. If you must run the kpasswd command on a remote system, use an SSH client with RSA SecurID authentication.
  • If you are using WRQ Reflection under Windows, you can use the WRQ Kerberos Manager application to change your Kerberos password. You can find this application by following Start->Programs->Reflection->Utilities. Once you start the Kerberos Manager, select the Change Password option in the Tools menu.
  • If you are using MIT's Kerberos for Windows (KfW) version 2.5 or better (tested 2.6 beta 9), you can use the Leash32 client to change your password.
  • If you are using MIT Kerberos for Windows (KfW) version 3.0 or better with Network Identity Manager (NetIdMgr) and have configured your FNAL.GOV identity in NetIdMgr, you can use NetIdMgr to change your password.
  • If your password expires before you change it, you can still change it as long as you remember what it is. If you don't remember it, you can have it reset by contacting the Service Desk at 630-840-2345.
  • Your RSA SecurID will stop working when your Kerberos password expires. It will start working again once your password is changed and valid.
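
One way to enforce the telnet note above before running kpasswd on a remote system, as an added example that is not part of the Fermilab documentation or tooling. The function names are hypothetical, and it assumes a `ps` that accepts `-o comm=` and `-o ppid=` together with `-p`; only the last network hop into the machine is visible to it.

```shell
# Added example: refuse to run kpasswd from a telnet login, where the old and
# new passwords would cross the network in clear text.

# Print the command name of this shell and of each ancestor, one per line.
# Assumption: ps supports "-o comm= -p PID" and "-o ppid= -p PID".
ancestor_commands() {
    local pid=$$ ppid
    while [ "${pid:-0}" -gt 1 ]; do
        ps -o comm= -p "$pid" 2>/dev/null
        ppid=$(ps -o ppid= -p "$pid" 2>/dev/null | tr -d ' ')
        [ -n "$ppid" ] || break
        pid=$ppid
    done
}

# Classify the login session as telnet, ssh or local.
#   $1 = value of SSH_CONNECTION (empty when not set)
#   $2 = newline-separated ancestor command names
classify_session() {
    # A telnet daemon above the shell wins over any stale SSH variable.
    # Matches "telnetd", "in.telnetd" and full paths ending in /telnetd.
    if printf '%s\n' "$2" | grep -Eq '(^|[/.])telnetd$'; then
        echo telnet
    elif [ -n "$1" ] || printf '%s\n' "$2" | grep -Eq '(^|/)sshd'; then
        echo ssh
    else
        echo local
    fi
}

# Run kpasswd only when the session is local or carried by SSH.
# Usage: safe_kpasswd [principal]
safe_kpasswd() {
    local kind
    kind=$(classify_session "${SSH_CONNECTION:-}" "$(ancestor_commands)")
    if [ "$kind" = telnet ]; then
        echo "refusing: this is a telnet session; reconnect with SSH first" >&2
        return 1
    fi
    echo "session type: $kind" >&2
    kpasswd "$@"
}
```

The check cannot see an earlier hop, so a telnet login to one machine followed by SSH to a second still classifies as ssh on the second machine.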

If you still need further assistance, please email us at lqcd-admin@fnal.gov.

usqcd-webmaster@usqcd.org