How to Login

This section covers the procedure for accessing PDC resources. Before following this section, make sure you have a PDC account successfully created and you have received your username and password.

In order to log in to PDC computers you require:

  1. A Kerberos installation

  2. An SSH implementation that supports Kerberos.

Logging in to PDC is a two-stage process. You must first generate Kerberos credentials using kinit, which requires a password, then use those credentials together with SSH to log in to the cluster on which you have an active allocation.

General information about Kerberos

PDC uses the Kerberos authentication protocol.

Kerberos tickets are stored on your local machine, and are then forwarded when you try to log in to the remote system. You’ll need the following software in versions that are appropriate for your operating system:

  • Kerberos v5 software (from Heimdal) - which is necessary for getting a Kerberos ticket, and

  • SSH software supporting GSSAPI with KeyExchange (from modified OpenSSH).

Commonly used Kerberos commands

Here is a list of commonly used Kerberos commands for users.

| Command  | Description |
|----------|-------------|
| kinit    | kinit obtains and caches an initial ticket-granting ticket for principal. kinit [username]@NADA.KTH.SE |
| klist    | klist lists the Kerberos principal and Kerberos tickets held in a credentials cache, or the keys held in a keytab file. |
| kdestroy | The kdestroy utility destroys the user’s active Kerberos authorization tickets by overwriting and deleting the credentials cache that contains them. If the credentials cache is not specified, the default credentials cache is destroyed. |
| kpasswd  | The kpasswd command is used to change a Kerberos principal’s password. kpasswd first prompts for the current Kerberos password, then prompts the user twice for the new password, and the password is changed. |

Login nodes

On our clusters we have several login nodes: a main one and one used as a backup in case the first one is out of commission. The login node names use the following syntax…

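| Cluster | Type      | Address                                       |
|---------|-----------|-----------------------------------------------|
| Beskow  | Primary   | beskow.pdc.kth.se                             |
| Tegner  | Primary   | tegner.pdc.kth.se (tegner-login-1.pdc.kth.se) |
| Tegner  | Secondary | tegner.pdc.kth.se (tegner-login-2.pdc.kth.se) |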

Beskow login node fingerprints

| Type    | Hash   | Fingerprint                                     |
|---------|--------|-------------------------------------------------|
| ECDSA   | SHA256 | oPQwKHSjzCNphyQwmKWng7VhDDDjALc6ItTjq0Nhbe8     |
| ECDSA   | MD5    | 22:e8:03:3f:f6:2d:77:2d:f5:ad:89:16:81:94:fb:6a |
| ED25519 | SHA256 | /OhtVDBRgstP9/COMP2xAvuAvUhAwijs5NT2kCLOoKs     |
| ED25519 | MD5    | bf:df:b7:a1:8c:67:5e:34:5d:5a:d8:d4:7f:09:81:98 |
| RSA     | SHA256 | oMiRP4a4Ffe7Co8J8E8AD3U/OlrRJfwSzGi4FOKSfcQ     |
| RSA     | MD5    | 6c:54:c7:14:7c:98:ca:35:1b:c5:e2:9f:60:87:c0:f5 |
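
The Beskow fingerprints listed above can be checked mechanically before the first login. The following is an added example, not part of PDC's own documentation: the function name `check_fingerprints` and the sample input are constructed here, and it assumes the host keys are listed with OpenSSH's `ssh-keygen -l`.

```shell
#!/bin/sh
# Published Beskow fingerprints, copied from the table on this page,
# one per line as "TYPE HASH:FINGERPRINT".
PUBLISHED='ECDSA SHA256:oPQwKHSjzCNphyQwmKWng7VhDDDjALc6ItTjq0Nhbe8
ECDSA MD5:22:e8:03:3f:f6:2d:77:2d:f5:ad:89:16:81:94:fb:6a
ED25519 SHA256:/OhtVDBRgstP9/COMP2xAvuAvUhAwijs5NT2kCLOoKs
ED25519 MD5:bf:df:b7:a1:8c:67:5e:34:5d:5a:d8:d4:7f:09:81:98
RSA SHA256:oMiRP4a4Ffe7Co8J8E8AD3U/OlrRJfwSzGi4FOKSfcQ
RSA MD5:6c:54:c7:14:7c:98:ca:35:1b:c5:e2:9f:60:87:c0:f5'

# check_fingerprints (hypothetical helper) reads `ssh-keygen -l` output on
# stdin, one key per line:
#   <bits> <HASH>:<fingerprint> <comment> (<TYPE>)
# It returns 0 only if at least one key was read and every key is in the table.
check_fingerprints() {
    seen=0 bad=0
    while read -r bits fp rest; do
        [ -n "$fp" ] || continue      # skip blank lines
        type=${rest##*\(}             # text after the last "("
        type=${type%\)}               # drop the closing ")"
        seen=$((seen + 1))
        # Whole-line, fixed-string match: key type and fingerprint must both agree.
        if printf '%s\n' "$PUBLISHED" | grep -qxF -e "$type $fp"; then
            echo "OK       $type $fp"
        else
            echo "MISMATCH $type $fp"
            bad=$((bad + 1))
        fi
    done
    [ "$seen" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Live use (assumes OpenSSH's ssh-keyscan and ssh-keygen are installed):
#   ssh-keyscan beskow.pdc.kth.se 2>/dev/null | ssh-keygen -l -f - | check_fingerprints
# Add "-E md5" to ssh-keygen to compare against the MD5 rows instead.

# Constructed sample input (not captured from a real scan): one fingerprint
# taken from the table and one deliberately altered ED25519 fingerprint.
SAMPLE='256 SHA256:oPQwKHSjzCNphyQwmKWng7VhDDDjALc6ItTjq0Nhbe8 beskow.pdc.kth.se (ECDSA)
256 SHA256:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA beskow.pdc.kth.se (ED25519)'
printf '%s\n' "$SAMPLE" | check_fingerprints ||
    echo "Host key differs from the published table: do not accept it."
```

An empty scan result is treated as a failure, so a blocked or failed `ssh-keyscan` does not pass the check silently.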

Troubleshooting login problems

Solutions to many login errors can be found in our FAQ section, under Kerberos or under Login.

If you do not find a solution, please Contact Support with the following information…

  • Username

  • Which operating system and version you are using

  • Any output/error message you got from

    kinit -f <username>@NADA.KTH.SE
    
  • The output from

    klist -f
    
  • The output from…

    ssh -vvv -o GSSAPIDelegateCredentials=yes -o GSSAPIKeyExchange=yes \
    -o GSSAPIAuthentication=yes <PDC username>@<cluster>.pdc.kth.se