Opened 16 years ago
Closed 15 years ago
#33 closed enhancement (fixed)
Add information on Kerberos logins to scripts to FAQ
| Reported by: | andersk | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | documentation | Keywords: | |
| Cc: |
Description (last modified by andersk)
(Imported from help.mit.edu #548433.)
aseering:
Hm, this'd be useful in general: "Go look at Scripts faq #N; s/scripts.mit.edu/linux.mit.edu/", etc.
Here's some sample text for people to play with, if anyone's interested. Intended to replace the last paragraph of FAQ #41. I used really informal markup; feel free to be un-lazy and make it better / consistent with whatever conventions you have.
If you're trying to log into scripts.mit.edu from home and you don't have an SSH client on your computer, you can log into athena.dialup.mit.edu from <http://athena.dialup.mit.edu/>, and log into scripts from there. You can also log in directly from most personal computers, with the correct software installed. To connect to scripts.mit.edu from a Windows computer, install MIT SecureCRT and Kerberos For Win from <http://web.mit.edu/software/win.html >. Then, open MIT SecureCRT (from the Start menu). Click the "Quick Connect" button in the toolbar of the Sessions dialog box that appears (the second button from the left). Fill out the dialog that appears, as follows: Protocol: SSH2 Hostname: scripts.mit.edu Port: 22 Firewall: None Username: /Athena Username/ If you are connecting to a group locker, replace /Athena Username/ with the name of the locker. In the "Authentication" selectbox, scroll down and click on "GSSAPI" to highlight it. Make sure that the checkbox beside it is checked. Then, use the black arrows to the right of the box to move "GSSAPI" to the top of the list of Authentication methods. Then, click "Connect" to connect to scripts.mit.edu. You may be prompted for your MIT username and password; if so, enter them. To connect to scripts.mit.edu from a Mac, download and install the MIT Kerberos Extras from <http://web.mit.edu/software/mac.html>. Then, open "Terminal" (in /Applications/Utilities/), and type: kinit /Athena Username/ ssh -k /Athena Username/@scripts.mit.edu If you're connecting to a group locker, replace /Athena Username/ with the name of the locker you want to connect to. The "-k" flag to ssh doesn't exist for older MacOS X versions. For these versions and with Apple's default ssh configuration, it is safe to not use this flag. If you have customized your ssh configuration, make sure you have "GSSAPIAuthentication yes" and "GSSAPIDelegateCredentials no" set for scripts.mit.edu. To connect from a Linux (or other UNIX) computer, install ssh and Kerberos, and set up Kerberos to use the ATHENA.MIT.EDU realm. Many Linux distributions provide packages that can do this for you. Then, run the two Mac command-line commands listed above.
Change History (4)
comment:1 Changed 16 years ago by andersk
- Description modified (diff)
comment:2 Changed 16 years ago by quentin
comment:3 Changed 16 years ago by anonymous
Installing the Kerberos Extras turns on GSSAPIAuthentication, so -k for Macs shouldn't be necessary. The only problem is that one of the updates to 10.4 turned it back off again.
comment:4 Changed 15 years ago by quentin
- Resolution set to fixed
- Status changed from new to closed
I've put text similar to this in the FAQ.
Note: See
TracTickets for help on using
tickets.
There were versions of OS X that did not have GSSAPI authentication enabled by default and did not support -k, so we can't simply tell them to not worry about it if their ssh doesn't take -k.