Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • sccs/docs.it4i.cz
  • soj0018/docs.it4i.cz
  • lszustak/docs.it4i.cz
  • jarosjir/docs.it4i.cz
  • strakpe/docs.it4i.cz
  • beranekj/docs.it4i.cz
  • tab0039/docs.it4i.cz
  • davidciz/docs.it4i.cz
  • gui0013/docs.it4i.cz
  • mrazek/docs.it4i.cz
  • lriha/docs.it4i.cz
  • it4i-vhapla/docs.it4i.cz
  • hol0598/docs.it4i.cz
  • sccs/docs-it-4-i-cz-fumadocs
  • siw019/docs-it-4-i-cz-fumadocs
15 results
Show changes
Hide whitespace changes
Inline Side-by-side
Showing
with 970 additions and 0 deletions
docs.it4i/get-started-with-it4innovations/accessing-the-clusters/graphical-user-interface/graphical-user-interface.md 0 → 100644
View file @ 7d998a7e
Graphical User Interface
========================
X Window System
---------------
The X Window system is a principal way to get GUI access to the clusters.
Read more about configuring [**X Window System**](x-window-system/).
VNC
---
The **Virtual Network Computing** (**VNC**) is a graphical [desktop sharing](http://en.wikipedia.org/wiki/Desktop_sharing "Desktop sharing") system that uses the [Remote Frame Buffer protocol (RFB)](http://en.wikipedia.org/wiki/RFB_protocol "RFB protocol") to remotely control another [computer](http://en.wikipedia.org/wiki/Computer "Computer").
Read more about configuring **[VNC](vnc/)**.
docs.it4i/get-started-with-it4innovations/accessing-the-clusters/graphical-user-interface/vnc.md 0 → 100644
View file @ 7d998a7e
VNC
===
The **Virtual Network Computing** (**VNC**) is a graphical [desktop sharing](http://en.wikipedia.org/wiki/Desktop_sharing "Desktop sharing") system that uses the [Remote Frame Buffer protocol (RFB)](http://en.wikipedia.org/wiki/RFB_protocol "RFB protocol") to remotely control another [computer](http://en.wikipedia.org/wiki/Computer "Computer"). It transmits the [keyboard](http://en.wikipedia.org/wiki/Computer_keyboard "Computer keyboard") and [mouse](http://en.wikipedia.org/wiki/Computer_mouse") events from one computer to another, relaying the graphical [screen](http://en.wikipedia.org/wiki/Computer_screen "Computer screen") updates back in the other direction, over a [network](http://en.wikipedia.org/wiki/Computer_network "Computer network").
The recommended clients are [TightVNC](http://www.tightvnc.com) or[TigerVNC](http://sourceforge.net/apps/mediawiki/tigervnc/index.php?title=Main_Page) (free, open source, available for almost any platform).
Create VNC password
-------------------
!!! Note "Note"
Local VNC password should be set before the first login. Do use a strong password.
```bash
[username@login2 ~]$ vncpasswd
Password:
Verify:
```
Start vncserver
---------------
!!! Note "Note"
To access VNC a local vncserver must be started first and also a tunnel using SSH port forwarding must be established.
[See below](vnc.md#linux-example-of-creating-a-tunnel) for the details on SSH tunnels. In this example we use port 61.
You can find ports which are already occupied. Here you can see that ports " /usr/bin/Xvnc :79" and " /usr/bin/Xvnc :60" are occupied.
```bash
[username@login2 ~]$ ps aux | grep Xvnc
username 5971 0.0 0.0 201072 92564 ? SN Sep22 4:19 /usr/bin/Xvnc :79 -desktop login2:79 (username) -auth /home/gre196/.Xauthority -geometry 1024x768 -rfbwait 30000 -rfbauth /home/username/.vnc/passwd -rfbport 5979 -fp catalogue:/etc/X11/fontpath.d -pn
username 10296 0.0 0.0 131772 21076 pts/29 SN 13:01 0:01 /usr/bin/Xvnc :60 -desktop login2:61 (username) -auth /home/username/.Xauthority -geometry 1600x900 -depth 16 -rfbwait 30000 -rfbauth /home/jir13/.vnc/passwd -rfbport 5960 -fp catalogue:/etc/X11/fontpath.d -pn
.....
```
Choose free port e.g. 61 and start your VNC server:
```bash
[username@login2 ~]$ vncserver :61 -geometry 1600x900 -depth 16
New 'login2:1 (username)' desktop is login2:1
Starting applications specified in /home/username/.vnc/xstartup
Log file is /home/username/.vnc/login2:1.log
```
Check if VNC server is started on the port (in this example 61):
```bash
[username@login2 .vnc]$ vncserver -list
TigerVNC server sessions:
X DISPLAY # PROCESS ID
:61 18437
```
Another command:
```bash
[username@login2 .vnc]$ ps aux | grep Xvnc
username 10296 0.0 0.0 131772 21076 pts/29 SN 13:01 0:01 /usr/bin/Xvnc :61 -desktop login2:61 (username) -auth /home/jir13/.Xauthority -geometry 1600x900 -depth 16 -rfbwait 30000 -rfbauth /home/username/.vnc/passwd -rfbport 5961 -fp catalogue:/etc/X11/fontpath.d -pn
```
To access the VNC server you have to create a tunnel between the login node using TCP **port 5961** and your machine using a free TCP port (for simplicity the very same, in this case).
!!! Note "Note"
The tunnel must point to the same login node where you launched the VNC server, eg. login2. If you use just cluster-name.it4i.cz, the tunnel might point to a different node due to DNS round robin.
###Linux/Mac OS example of creating a tunnel
At your machine, create the tunnel:
```bash
local $ ssh -TN -f username@login2.cluster-name.it4i.cz -L 5961:localhost:5961
```
Issue the following command to check the tunnel is established (please note the PID 2022 in the last column, you'll need it for closing the tunnel):
```bash
local $ netstat -natp | grep 5961
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 127.0.0.1:5961 0.0.0.0:* LISTEN 2022/ssh
tcp6 0 0 ::1:5961 :::* LISTEN 2022/ssh
```
Or on Mac OS use this command:
```bash
local-mac $ lsof -n -i4TCP:5961 | grep LISTEN
ssh 75890 sta545 7u IPv4 0xfb062b5c15a56a3b 0t0 TCP 127.0.0.1:5961 (LISTEN)
```
Connect with the VNC client:
```bash
local $ vncviewer 127.0.0.1:5961
```
In this example, we connect to VNC server on port 5961, via the ssh tunnel. The connection is encrypted and secured. The VNC server listening on port 5961 provides screen of 1600x900 pixels.
You have to destroy the SSH tunnel which is still running at the background after you finish the work. Use the following command (PID 2022 in this case, see the netstat command above):
```bash
kill 2022
```
### Windows example of creating a tunnel
Use PuTTY to log in on cluster.
Start vncserver using command vncserver described above.
Search for the localhost and port number (in this case 127.0.0.1:5961).
```bahs
[username@login2 .vnc]$ netstat -tanp | grep Xvnc
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 127.0.0.1:5961 0.0.0.0:* LISTEN 24031/Xvnc
```
On the PuTTY Configuration screen go to Connection->SSH->Tunnels to set up the tunnel.
Fill the Source port and Destination fields. **Do not forget to click the Add button**.
![](../../../img/putty-tunnel.png)
Run the VNC client of your choice, select VNC server 127.0.0.1, port 5961 and connect using VNC password.
### Example of starting TigerVNC viewer
![](../../../img/vncviewer.png)
In this example, we connect to VNC server on port 5961, via the ssh tunnel, using TigerVNC viewer. The connection is encrypted and secured. The VNC server listening on port 5961 provides screen of 1600x900 pixels.
### Example of starting TightVNC Viewer
Use your VNC password to log using TightVNC Viewer and start a Gnome Session on the login node.
![](../../../img/TightVNC_login.png)
Gnome session
-------------
You should see after the successful login.
![](../../../img/gnome_screen.png)
###Disable your Gnome session screensaver
Open Screensaver preferences dialog:
![](../../../img/gdmscreensaver.png)
Uncheck both options below the slider:
![](../../../img/gdmdisablescreensaver.png)
### Kill screensaver if locked screen
If the screen gets locked you have to kill the screensaver. Do not to forget to disable the screensaver then.
```bash
[username@login2 .vnc]$ ps aux | grep screen
username 1503 0.0 0.0 103244 892 pts/4 S+ 14:37 0:00 grep screen
username 24316 0.0 0.0 270564 3528 ? Ss 14:12 0:00 gnome-screensaver
[username@login2 .vnc]$ kill 24316
```
### Kill vncserver after finished work
You should kill your VNC server using command:
```bash
[username@login2 .vnc]$ vncserver -kill :61
Killing Xvnc process ID 7074
Xvnc process ID 7074 already killed
```
Or this way:
```bash
[username@login2 .vnc]$ pkill vnc
```
GUI applications on compute nodes over VNC
------------------------------------------
The very same methods as described above, may be used to run the GUI applications on compute nodes. However, for maximum performance, proceed following these steps:
Open a Terminal (Applications -> System Tools -> Terminal). Run all the next commands in the terminal.
![](../../../img/gnome-terminal.png)
Allow incoming X11 graphics from the compute nodes at the login node:
```bash
$ xhost +
```
Get an interactive session on a compute node (for more detailed info [look here](../../../anselm-cluster-documentation/resource-allocation-and-job-execution/job-submission-and-execution/)). Use the **-v DISPLAY** option to propagate the DISPLAY on the compute node. In this example, we want a complete node (24 cores in this example) from the production queue:
```bash
$ qsub -I -v DISPLAY=$(uname -n):$(echo $DISPLAY | cut -d ':' -f 2) -A PROJECT_ID -q qprod -l select=1:ncpus=24
```
Test that the DISPLAY redirection into your VNC session works, by running a X11 application (e. g. XTerm) on the assigned compute node:
```bash
$ xterm
```
Example described above:
![](../../../img/gnome-compute-nodes-over-vnc.png)
docs.it4i/get-started-with-it4innovations/accessing-the-clusters/graphical-user-interface/x-window-system.md 0 → 100644
View file @ 7d998a7e
X Window System
===============
The X Window system is a principal way to get GUI access to the clusters. The **X Window System** (commonly known as **X11**, based on its current major version being 11, or shortened to simply **X**, and sometimes informally **X-Windows**) is a computer software system and network [protocol](http://en.wikipedia.org/wiki/Protocol_%28computing%29 "Protocol (computing)") that provides a basis for [graphical user interfaces](http://en.wikipedia.org/wiki/Graphical_user_interface "Graphical user interface") (GUIs) and rich input device capability for [networked computers](http://en.wikipedia.org/wiki/Computer_network "Computer network").
!!! Note "Note"
The X display forwarding must be activated and the X server running on client side
### X display
In order to display graphical user interface GUI of various software tools, you need to enable the X display forwarding. On Linux and Mac, log in using the -X option tho ssh client:
```bash
local $ ssh -X username@cluster-name.it4i.cz
```
### X Display Forwarding on Windows
On Windows use the PuTTY client to enable X11 forwarding. In PuTTY menu, go to Connection->SSH->X11, mark the Enable X11 forwarding checkbox before logging in. Then log in as usual.
To verify the forwarding, type
```bash
$ echo $DISPLAY
```
if you receive something like
```bash
localhost:10.0
```
then the X11 forwarding is enabled.
### X Server
In order to display graphical user interface GUI of various software tools, you need running X server on your desktop computer. For Linux users, no action is required as the X server is the default GUI environment on most Linux distributions. Mac and Windows users need to install and run the X server on their workstations.
### X Server on OS X
Mac OS users need to install [XQuartz server](http://xquartz.macosforge.org/landing/).
### X Server on Windows
There are variety of X servers available for Windows environment. The commercial Xwin32 is very stable and rich featured. The Cygwin environment provides fully featured open-source XWin X server. For simplicity, we recommend open-source X server by the [Xming project](http://sourceforge.net/projects/xming/). For stability and full features we recommend the
[XWin](http://x.cygwin.com/) X server by Cygwin
|How to use Xwin |How to use Xming |
| --- | --- |
|[Install Cygwin](http://x.cygwin.com/) Find and execute XWin.exeto start the X server on Windows desktop computer.[If no able to forward X11 using PuTTY to CygwinX](cygwin-and-x11-forwarding/) |<p>Use Xlaunch to configure the Xming.<p>Run Xmingto start the X server on Windows desktop computer.|
Read more on [http://www.math.umn.edu/systems_guide/putty_xwin32.html](http://www.math.umn.edu/systems_guide/putty_xwin32.shtml)
### Running GUI Enabled Applications
!!! Note "Note"
Make sure that X forwarding is activated and the X server is running.
Then launch the application as usual. Use the & to run the application in background.
```bash
$ module load intel (idb and gvim not installed yet)
$ gvim &
```
```bash
$ xterm
```
In this example, we activate the intel programing environment tools, then start the graphical gvim editor.
### GUI Applications on Compute Nodes
Allocate the compute nodes using -X option on the qsub command
```bash
$ qsub -q qexp -l select=2:ncpus=24 -X -I
```
In this example, we allocate 2 nodes via qexp queue, interactively. We request X11 forwarding with the -X option. It will be possible to run the GUI enabled applications directly on the first compute node.
**Better performance** is obtained by logging on the allocated compute node via ssh, using the -X option.
```bash
$ ssh -X r24u35n680
```
In this example, we log in on the r24u35n680 compute node, with the X11 forwarding enabled.
### The Gnome GUI Environment
The Gnome 2.28 GUI environment is available on the clusters. We recommend to use separate X server window for displaying the Gnome environment.
### Gnome on Linux and OS X
To run the remote Gnome session in a window on Linux/OS X computer, you need to install Xephyr. Ubuntu package is
xserver-xephyr, on OS X it is part of [XQuartz](http://xquartz.macosforge.org/landing/). First, launch Xephyr on local machine:
```bash
local $ Xephyr -ac -screen 1024x768 -br -reset -terminate :1 &
```
This will open a new X window with size 1024x768 at DISPLAY :1. Next, ssh to the cluster with DISPLAY environment variable set and launch gnome-session
```bash
local $ DISPLAY=:1.0 ssh -XC yourname@cluster-name.it4i.cz -i ~/.ssh/path_to_your_key
... cluster-name MOTD...
yourname@login1.cluster-namen.it4i.cz $ gnome-session &
```
On older systems where Xephyr is not available, you may also try Xnest instead of Xephyr. Another option is to launch a new X server in a separate console, via:
```bash
xinit /usr/bin/ssh -XT -i .ssh/path_to_your_key yourname@cluster-namen.it4i.cz gnome-session -- :1 vt12
```
However this method does not seem to work with recent Linux distributions and you will need to manually source
/etc/profile to properly set environment variables for PBS.
### Gnome on Windows
Use Xlaunch to start the Xming server or run the XWin.exe. Select the "One window" mode.
Log in to the cluster, using PuTTY. On the cluster, run the gnome-session command.
```bash
$ gnome-session &
```
In this way, we run remote gnome session on the cluster, displaying it in the local X server
Use System-&gt;Log Out to close the gnome-session
docs.it4i/get-started-with-it4innovations/accessing-the-clusters/introduction.md 0 → 100644
View file @ 7d998a7e
Accessing the Clusters
======================
The IT4Innovations clusters are accessed by SSH protocol via login nodes.
!!! Note "Note"
Read more on [Accessing the Salomon Cluster](../../salomon/accessing-the-cluster/accessing-the-cluster/)r or [Accessing the Anselm Cluster](../../anselm-cluster-documentation/accessing-the-cluster/shell-and-data-access/) pages.
### PuTTY
On **Windows**, use [PuTTY ssh client](shell-access-and-data-transfer/putty/).
### SSH keys
Read more about [SSH keys management](shell-access-and-data-transfer/ssh-keys/).
docs.it4i/get-started-with-it4innovations/accessing-the-clusters/shell-access-and-data-transfer/pageant.md 0 → 100644
View file @ 7d998a7e
Pageant SSH agent
=================
Pageant holds your private key in memory without needing to retype a passphrase on every login.
- Run Pageant.
- On Pageant Key List press *Add key* and select your private key (id_rsa.ppk).
- Enter your passphrase.
- Now you have your private key in memory without needing to retype a passphrase on every login.
![](../../../img/PageantV.png)
docs.it4i/get-started-with-it4innovations/accessing-the-clusters/shell-access-and-data-transfer/putty.md 0 → 100644
View file @ 7d998a7e
PuTTY
=====
PuTTY - before we start SSH connection
---------------------------------------------------------------------------------
### Windows PuTTY Installer
We recommned you to download "**A Windows installer for everything except PuTTYtel**" with **Pageant** (SSH authentication agent) and **PuTTYgen** (PuTTY key generator) which is available [here](http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html).
!!! Note "Note"
After installation you can proceed directly to private keys authentication using ["Putty"](putty#putty).
"Change Password for Existing Private Key" is optional.
"Generate a New Public/Private key pair" is intended for users without Public/Private key in the initial email containing login credentials.
"Pageant" is optional.
### PuTTYgen
PuTTYgen is the PuTTY key generator. Read more how to load in an existing private key and change your passphrase or generate a new public/private key pair using [PuTTYgen](puttygen) if needed.
### Pageant SSH agent
[Pageant](pageant) holds your private key in memory without needing to retype a passphrase on every login. We recommend its usage.
PuTTY - how to connect to the IT4Innovations cluster
--------------------------------------------------------
- Run PuTTY
- Enter Host name and Save session fields with [Login address](../../../salomon/accessing-the-cluster/accessing-the-cluster/) and browse Connection - &gt; SSH -&gt; Auth menu. The *Host Name* input may be in the format **"username@clustername.it4i.cz"** so you don't have to type your login each time.In this example we will connect to the Salomon cluster using **"salomon.it4i.cz"**.
![](../../../img/PuTTY_host_Salomon.png)
- Category -&gt; Connection - &gt; SSH -&gt; Auth:
Select Attempt authentication using Pageant.
Select Allow agent forwarding.
Browse and select your [private key](ssh-keys/) file.
![](../../../img/PuTTY_keyV.png)
- Return to Session page and Save selected configuration with *Save* button.
![](../../../img/PuTTY_save_Salomon.png)
- Now you can log in using *Open* button.
![](../../../img/PuTTY_open_Salomon.png)
- Enter your username if the *Host Name* input is not in the format "username@salomon.it4i.cz".
- Enter passphrase for selected [private key](ssh-keys/) file if Pageant **SSH authentication agent is not used.**
Another PuTTY Settings
----------------------
- Category -&gt; Windows -&gt; Translation -&gt; Remote character set and select **UTF-8**.
- Category -&gt; Terminal -&gt; Features and select **Disable application keypad mode** (enable numpad)
- Save your configuration on Session page in to Default Settings with *Save* button.
docs.it4i/get-started-with-it4innovations/accessing-the-clusters/shell-access-and-data-transfer/puttygen.md 0 → 100644
View file @ 7d998a7e
PuTTY key generator
===================
PuTTYgen is the PuTTY key generator. You can load in an existing private key and change your passphrase or generate a new public/private key pair.
### Change Password for Existing Private Key
You can change the password of your SSH key with "PuTTY Key Generator". Make sure to backup the key.
- Load your [private key](../shell-access-and-data-transfer/ssh-keys/) file with *Load* button.
- Enter your current passphrase.
- Change key passphrase.
- Confirm key passphrase.
- Save your private key with *Save private key* button.
![](../../../img/PuttyKeygeneratorV.png)
### Generate a New Public/Private key
You can generate an additional public/private key pair and insert public key into authorized_keys file for authentication with your own private key.
- Start with *Generate* button.
![](../../../img/PuttyKeygenerator_001V.png)
- Generate some randomness.
![](../../../img/PuttyKeygenerator_002V.png)
- Wait.
![](../../../img/PuttyKeygenerator_003V.png)
- Enter a *comment* for your key using format 'username@organization.example.com'.
Enter key passphrase.
Confirm key passphrase.
Save your new private key `in "*.ppk" `format with *Save private key* button.
![](../../../img/PuttyKeygenerator_004V.png)
- Save the public key with *Save public key* button.
You can copy public key out of the ‘Public key for pasting into authorized_keys file’ box.
![](../../../img/PuttyKeygenerator_005V.png)
- Export private key in OpenSSH format "id_rsa" using Conversion -&gt; Export OpenSSH key
![](../../../img/PuttyKeygenerator_006V.png)
- Now you can insert additional public key into authorized_keys file for authentication with your own private key.
You must log in using ssh key received after registration. Then proceed to [How to add your own key](../shell-access-and-data-transfer/ssh-keys/).
docs.it4i/get-started-with-it4innovations/accessing-the-clusters/shell-access-and-data-transfer/ssh-keys.md 0 → 100644
View file @ 7d998a7e
SSH keys
========
Key management
-------------------------------------------------------------------
After logging in, you can see .ssh/ directory with SSH keys and authorized_keys file:
```bash
$ cd /home/username/
$ ls -la .ssh/
total 24
drwx------ 2 username username 4096 May 13 15:12 .
drwxr-x---22 username username 4096 May 13 07:22 ..
-rw-r--r-- 1 username username 392 May 21 2014 authorized_keys
-rw------- 1 username username 1675 May 21 2014 id_rsa
-rw------- 1 username username 1460 May 21 2014 id_rsa.ppk
-rw-r--r-- 1 username username 392 May 21 2014 id_rsa.pub
```
!!! Note "Note"
Please note that private keys in .ssh directory are without passphrase and allow you to connect within the cluster.
### Access privileges on .ssh folder
- .ssh directory: 700 (drwx------)
- Authorized_keys, known_hosts and public key (.pub file): 644 (-rw-r--r--)
- Private key (id_rsa/id_rsa.ppk): 600 (-rw-------)
```bash
cd /home/username/
chmod 700 .ssh/
chmod 644 .ssh/authorized_keys
chmod 644 .ssh/id_rsa.pub
chmod 644 .ssh/known_hosts
chmod 600 .ssh/id_rsa
chmod 600 .ssh/id_rsa.ppk
```
Private key
-----------
!!! Note "Note"
The path to a private key is usually /home/username/.ssh/
Private key file in "id_rsa" or `"*.ppk" `format is used to authenticate with the servers. Private key is present locally on local side and used for example in SSH agent Pageant (for Windows users). The private key should always be kept in a safe place.
An example of private key format:
```bash
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAqbo7jokygnBpG2wYa5NB45ns6+UKTNLMLHF0BO3zmRtKEElE
aGqXfbYwvXlcuRb2d9/Y5dVpCZHV0kbY3NhtVOcEIe+1ROaiU9BEsUAhMNEvgiLV
gSql4QvRO4BWPlM8+WAWXDp3oeoBh8glXyuh9teb8yq98fv1r1peYGRrW3/s4V+q
O1SQ0XY2T7rWCYRLIP6rTMXArTI35v3WU513mn7nm1fJ7oN0QgVH5b0W9V1Kyc4l
9vILHeMXxvz+i/5jTEfLOJpiRGYZYcaYrE4dIiHPl3IlbV7hlkK23Xb1US8QJr5G
ADxp1VTkHjY+mKagEfxl1hQIb42JLHhKMEGqNQIDAQABAoIBAQCkypPuxZjL+vai
UGa5dAWiRZ46P2yrwHPKpvEdpCdDPbLAc1K/CtdBkHZsUPxNHVV6eFWweW99giIY
Av+mFWC58X8asBHQ7xkmxW0cqAZRzpkRAl9IBS9/fKjO28Fgy/p+suOi8oWbKIgJ
3LMkX0nnT9oz1AkOfTNC6Tv+3SE7eTj1RPcMjur4W1Cd1N3EljLszdVk4tLxlXBS
yl9NzVnJJbJR4t01l45VfFECgYEAno1WJSB/SwdZvS9GkfhvmZd3r4vyV9Bmo3dn
XZAh8HRW13imOnpklDR4FRe98D9A7V3yh9h60Co4oAUd6N+Oc68/qnv/8O9efA+M
/neI9ANYFo8F0+yFCp4Duj7zPV3aWlN/pd8TNzLqecqh10uZNMy8rAjCxybeZjWd
DyhgywXhAoGBAN3BCazNefYpLbpBQzwes+f2oStvwOYKDqySWsYVXeVgUI+OWTVZ
eZ26Y86E8MQO+q0TIxpwou+TEaUgOSqCX40Q37rGSl9K+rjnboJBYNCmwVp9bfyj
kCLL/3g57nTSqhgHNa1xwemePvgNdn6FZteA8sXiCg5ZzaISqWAffek5AoGBAMPw
V/vwQ96C8E3l1cH5cUbmBCCcfXM2GLv74bb1V3SvCiAKgOrZ8gEgUiQ0+TfcbAbe
7MM20vRNQjaLTBpai/BTbmqM1Q+r1KNjq8k5bfTdAoGANgzlNM9omM10rd9WagL5
yuJcal/03p048mtB4OI4Xr5ZJISHze8fK4jQ5veUT9Vu2Fy/w6QMsuRf+qWeCXR5
RPC2H0JzkS+2uZp8BOHk1iDPqbxWXJE9I57CxBV9C/tfzo2IhtOOcuJ4LY+sw+y/
ocKpJbdLTWrTLdqLHwicdn8OxeWot1mOukyK2l0UeDkY6H5pYPtHTpAZvRBd7ETL
Zs2RP3KFFvho6aIDGrY0wee740/jWotx7fbxxKwPyDRsbH3+1Wx/eX2RND4OGdkH
gejJEzpk/7y/P/hCad7bSDdHZwO+Z03HIRC0E8yQz+JYatrqckaRCtd7cXryTmTR
FbvLJmECgYBDpfno2CzcFJCTdNBZFi34oJRiDb+HdESXepk58PcNcgK3R8PXf+au
OqDBtZIuFv9U1WAg0gzGwt/0Y9u2c8m0nXziUS6AePxy5sBHs7g9C9WeZRz/nCWK
+cHIm7XOwBEzDKz5f9eBqRGipm0skDZNKl8X/5QMTT5K3Eci2n+lTw==
-----END RSA PRIVATE KEY-----
```
Public key
----------
Public key file in "*.pub" format is used to verify a digital signature. Public key is present on the remote side and allows access to the owner of the matching private key.
An example of public key format:
```bash
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCpujuOiTKCcGkbbBhrk0Hjmezr5QpM0swscXQE7fOZG0oQSURoapd9tjC9eVy5FvZ339jl1WkJkdXSRtjc2G1U5wQh77VE5qJT0ESxQCEw0S+CItWBKqXhC9E7gFY+UyP5YBZcOneh6gGHyCVfK6H215vzKr3x+/WvWl5gZGtbf+zhX6o4RJDRdjZPutYJhEsg/qtMxcCtMjfm/dZTnXeafuebV8nug3RCBUflvRb1XUrJuiX28gsd4xfG/P6L/mNMR8s4kmJEZhlhxpj8Th0iIc+XciVtXuGWQrbddcVRLxAmvkYAPGnVVOQeNj69pqAR/GXaFAhvjYkseEowQao1 username@organization.example.com
```
### How to add your own key
First, generate a new keypair of your public and private key:
```bash
local $ ssh-keygen -C 'username@organization.example.com' -f additional_key
```
!!! Note "Note"
Please, enter **strong** **passphrase** for securing your private key.
You can insert additional public key into authorized_keys file for authentication with your own private key. Additional records in authorized_keys file must be delimited by new line. Users are not advised to remove the default public key from authorized_keys file.
Example:
```bash
$ cat additional_key.pub > ~/.ssh/authorized_keys
```
In this example, we add an additional public key, stored in file additional_key.pub into the authorized_keys. Next time we log in, we will be able to use the private addtional_key key to log in.
### How to remove your own key
Removing your key from authorized_keys can be done simply by deleting the corresponding public key which can be identified by a comment at the end of line (eg. username@organization.example.com).
docs.it4i/get-started-with-it4innovations/accessing-the-clusters/shell-access-and-data-transfer/vpn-connection-fail-in-win-8.1.md 0 → 100644
View file @ 7d998a7e
VPN - Connection fail in Win 8.1
================================
**Failed to initialize connection subsystem Win 8.1 - 02-10-15 MS patch**
AnyConnect users on Windows 8.1 will receive a "Failed to initialize connection subsystem" error after installing the Windows 8.1 02/10/15 security patch. This OS defect introduced with the 02/10/15 patch update will also impact WIndows 7 users with IE11. Windows Server 2008/2012 are also impacted by this defect, but neither is a supported OS for AnyConnect.
**Workaround:**
- Close the Cisco AnyConnect Window and the taskbar mini-icon
- Right click vpnui.exe in the 'Cisco AnyConnect Secure Mobility Client' folder. (C:Program Files (x86)CiscoCisco AnyConnect Secure Mobility Client)
- Click on the 'Run compatibility troubleshooter' button
- Choose 'Try recommended settings'
- The wizard suggests Windows 8 compatibility.
- Click 'Test Program'. This will open the program.
- Close
![](../../../img/vpnuiV.png)
docs.it4i/get-started-with-it4innovations/applying-for-resources.md 0 → 100644
View file @ 7d998a7e
Applying for Resources
======================
Computational resources may be allocated by any of the following [Computing resources allocation](http://www.it4i.cz/computing-resources-allocation/?lang=en) mechanisms.
Academic researchers can apply for computational resources via [Open Access Competitions](http://www.it4i.cz/open-access-competition/?lang=en&lang=en).
Anyone is welcomed to apply via the [Directors Discretion.](http://www.it4i.cz/obtaining-computational-resources-through-directors-discretion/?lang=en&lang=en)
Foreign (mostly European) users can obtain computational resources via the [PRACE (DECI) program](http://www.prace-ri.eu/DECI-Projects).
In all cases, IT4Innovations’ access mechanisms are aimed at distributing computational resources while taking into account the development and application of supercomputing methods and their benefits and usefulness for society. The applicants are expected to submit a proposal. In the proposal, the applicants **apply for a particular amount of core-hours** of computational resources. The requested core-hours should be substantiated by scientific excellence of the proposal, its computational maturity and expected impacts. Proposals do undergo a scientific, technical and economic evaluation. The allocation decisions are based on this evaluation. More information at [Computing resources allocation](http://www.it4i.cz/computing-resources-allocation/?lang=en) and [Obtaining Login Credentials](obtaining-login-credentials/obtaining-login-credentials/) page.
docs.it4i/get-started-with-it4innovations/obtaining-login-credentials/certificates-faq.md 0 → 100644
View file @ 7d998a7e
Certificates FAQ
================
FAQ about certificates in general
Q: What are certificates?
-------------------------
IT4Innovations employs X.509 certificates for secure communication (e. g. credentials exchange) and for grid services related to PRACE, as they present a single method of authentication for all PRACE services, where only one password is required.
There are different kinds of certificates, each with a different scope of use. We mention here:
- User (Private) certificates
- Certificate Authority (CA) certificates
- Host certificates
- Service certificates
**However, users need only manage User and CA certificates. Note that your user certificate is protected by an associated private key, and this private key must never be disclosed**.
Q: Which X.509 certificates are recognised by IT4Innovations?
-------------------------------------------------------------
Any certificate that has been issued by a Certification Authority (CA) from a member of the IGTF ([http:www.igtf.net](http://www.igtf.net/)) is recognised by IT4Innovations: European certificates are issued by members of the EUGridPMA ([https://www.eugridmpa.org](https://www.eugridpma.org/)), which is part if the IGTF and coordinates the trust fabric for e-Science Grid authentication within Europe. Further the Czech *"Qualified certificate" (Kvalifikovaný certifikát)* (provided by <http://www.postsignum.cz/> or <http://www.ica.cz/Kvalifikovany-certifikat.aspx>), that is used in electronic contact with Czech public authorities is accepted.
Q: How do I get a User Certificate that can be used with IT4Innovations?
------------------------------------------------------------------------
To get a certificate, you must make a request to your local, IGTF approved, Certificate Authority (CA). Usually you then must visit, in person, your nearest Registration Authority (RA) to verify your affiliation and identity (photo identification is required). Usually, you will then be emailed details on how to retrieve your certificate, although procedures can vary between CAs. If you are in Europe, you can locate your trusted CA via <http://www.eugridpma.org/members/worldmap>.
In some countries certificates can also be retrieved using the TERENA Certificate Service, see the FAQ below for the link.
Q: Does IT4Innovations support short lived certificates (SLCS)?
---------------------------------------------------------------
Yes, provided that the CA which provides this service is also a member of IGTF.
Q: Does IT4Innovations support the TERENA certificate service?
--------------------------------------------------------------
Yes, ITInnovations supports TERENA eScience personal certificates. For more information, please visit [https://tcs-escience-portal.terena.org](https://tcs-escience-portal.terena.org/), where you also can find if your organisation/country can use this service
Q: What format should my certificate take?
------------------------------------------
User Certificates come in many formats, the three most common being the ’PKCS12’, ’PEM’ and the JKS formats.
The PKCS12 (often abbreviated to ’p12’) format stores your user certificate, along with your associated private key, in a single file. This form of your certificate is typically employed by web browsers, mail clients, and grid services like UNICORE, DART, gsissh-term and Globus toolkit (GSI-SSH, GridFTP and GRAM5).
The PEM format (*.pem) stores your user certificate and your associated private key in two separate files. This form of your certificate can be used by PRACE’s gsissh-term and with the grid related services like Globus toolkit (GSI-SSH, GridFTP and GRAM5).
To convert your Certificate from PEM to p12 formats, and *vice versa*, IT4Innovations recommends using the openssl tool (see separate FAQ entry).
JKS is the Java KeyStore and may contain both your personal certificate with your private key and a list of your trusted CA certificates. This form of your certificate can be used by grid services like DART and UNICORE6.
To convert your Certificate from p12 to JKS, IT4Innovations recommends using the keytool utiliy (see separate FAQ entry).
Q: What are CA certificates?
----------------------------
Certification Authority (CA) certificates are used to verify the link between your user certificate and the authority which issued it. They are also used to verify the link between the host certificate of a IT4Innovations server and the CA which issued that certificate. In essence they establish a chain of trust between you and the target server. Thus, for some grid services, users must have a copy of all the CA certificates.
To assist users, SURFsara (a member of PRACE) provides a complete and up-to-date bundle of all the CA certificates that any PRACE user (or IT4Innovations grid services user) will require. Bundle of certificates, in either p12, PEM or JKS formats, are available from <http://winnetou.sara.nl/prace/certs/>.
It is worth noting that gsissh-term and DART automatically updates their CA certificates from this SURFsara website. In other cases, if you receive a warning that a server’s certificate can not be validated (not trusted), then please update your CA certificates via the SURFsara website. If this fails, then please contact the IT4Innovations helpdesk.
Lastly, if you need the CA certificates for a personal Globus 5 installation, then you can install the CA certificates from a MyProxy server with the following command.
```bash
myproxy-get-trustroots -s myproxy-prace.lrz.de
```
If you run this command as ’root’, then it will install the certificates into /etc/grid-security/certificates. If you run this not as ’root’, then the certificates will be installed into $HOME/.globus/certificates. For Globus, you can download the globuscerts.tar.gz packet from <http://winnetou.sara.nl/prace/certs/>.
Q: What is a DN and how do I find mine?
---------------------------------------
DN stands for Distinguished Name and is part of your user certificate. IT4Innovations needs to know your DN to enable your account to use the grid services. You may use openssl (see below) to determine your DN or, if your browser contains your user certificate, you can extract your DN from your browser.
For Internet Explorer users, the DN is referred to as the "subject" of your certificate. Tools-&gt;Internet Options-&gt;Content-&gt;Certificates-&gt;View-&gt;Details-&gt;Subject.
For users running Firefox under Windows, the DN is referred to as the "subject" of your certificate. Tools-&gt;Options-&gt;Advanced-&gt;Encryption-&gt;View Certificates. Highlight your name and then Click View-&gt;Details-&gt;Subject.
Q: How do I use the openssl tool?
---------------------------------
The following examples are for Unix/Linux operating systems only.
To convert from PEM to p12, enter the following command:
```bash
openssl pkcs12 -export -in usercert.pem -inkey userkey.pem -out
username.p12
```
To convert from p12 to PEM, type the following *four* commands:
```bash
openssl pkcs12 -in username.p12 -out usercert.pem -clcerts -nokeys
openssl pkcs12 -in username.p12 -out userkey.pem -nocerts
chmod 444 usercert.pem
chmod 400 userkey.pem
```
To check your Distinguished Name (DN), enter the following command:
```bash
openssl x509 -in usercert.pem -noout -subject -nameopt
RFC2253
```
To check your certificate (e.g., DN, validity, issuer, public key algorithm, etc.), enter the following command:
```bash
openssl x509 -in usercert.pem -text -noout
```
To download openssl for both Linux and Windows, please visit <http://www.openssl.org/related/binaries.html>. On Macintosh Mac OS X computers openssl is already pre-installed and can be used immediately.
Q: How do I create and then manage a keystore?
----------------------------------------------
IT4innovations recommends the java based keytool utility to create and manage keystores, which themselves are stores of keys and certificates. For example if you want to convert your pkcs12 formatted key pair into a java keystore you can use the following command.
```bash
keytool -importkeystore -srckeystore $my_p12_cert -destkeystore
$my_keystore -srcstoretype pkcs12 -deststoretype jks -alias
$my_nickname -destalias $my_nickname
```
where $my_p12_cert is the name of your p12 (pkcs12) certificate, $my_keystore is the name that you give to your new java keystore and $my_nickname is the alias name that the p12 certificate was given and is used also for the new keystore.
You also can import CA certificates into your java keystore with the tool, e.g.:
```bash
keytool -import -trustcacerts -alias $mydomain -file $mydomain.crt -keystore $my_keystore
```
where $mydomain.crt is the certificate of a trusted signing authority (CA) and $mydomain is the alias name that you give to the entry.
More information on the tool can be found at:<http://docs.oracle.com/javase/7/docs/technotes/tools/solaris/keytool.html>
Q: How do I use my certificate to access the different grid Services?
---------------------------------------------------------------------
Most grid services require the use of your certificate; however, the format of your certificate depends on the grid Service you wish to employ.
If employing the PRACE version of GSISSH-term (also a Java Web Start Application), you may use either the PEM or p12 formats. Note that this service automatically installs up-to-date PRACE CA certificates.
If the grid service is UNICORE, then you bind your certificate, in either the p12 format or JKS, to UNICORE during the installation of the client on your local machine. For more information, please visit [UNICORE6 in PRACE](http://www.prace-ri.eu/UNICORE6-in-PRACE)
If the grid service is part of Globus, such as GSI-SSH, GriFTP or GRAM5, then the certificates can be in either p12 or PEM format and must reside in the "$HOME/.globus" directory for Linux and Mac users or %HOMEPATH%.globus for Windows users. (Windows users will have to use the DOS command ’cmd’ to create a directory which starts with a ’.’). Further, user certificates should be named either "usercred.p12" or "usercert.pem" and "userkey.pem", and the CA certificates must be kept in a pre-specified directory as follows. For Linux and Mac users, this directory is either $HOME/.globus/certificates or /etc/grid-security/certificates. For Windows users, this directory is %HOMEPATH%.globuscertificates. (If you are using GSISSH-Term from prace-ri.eu then you do not have to create the .globus directory nor install CA certificates to use this tool alone).
Q: How do I manually import my certificate into my browser?
-----------------------------------------------------------
If you employ the Firefox browser, then you can import your certificate by first choosing the "Preferences" window. For Windows, this is Tools-&gt;Options. For Linux, this is Edit-&gt;Preferences. For Mac, this is Firefox-&gt;Preferences. Then, choose the "Advanced" button; followed by the "Encryption" tab. Then, choose the "Certificates" panel; select the option "Select one automatically" if you have only one certificate, or "Ask me every time" if you have more then one. Then click on the "View Certificates" button to open the "Certificate Manager" window. You can then select the "Your Certificates" tab and click on button "Import". Then locate the PKCS12 (.p12) certificate you wish to import, and employ its associated password.
If you are a Safari user, then simply open the "Keychain Access" application and follow "File-&gt;Import items".
If you are an Internet Explorer user, click Start-&gt;Settings-&gt;Control Panel and then double-click on Internet. On the Content tab, click Personal, and then click Import. In the Password box, type your password. NB you may be prompted multiple times for your password. In the "Certificate File To Import" box, type the filename of the certificate you wish to import, and then click OK. Click Close, and then click OK.
Q: What is a proxy certificate?
-------------------------------
A proxy certificate is a short-lived certificate which may be employed by UNICORE and the Globus services. The proxy certificate consists of a new user certificate and a newly generated proxy private key. This proxy typically has a rather short lifetime (normally 12 hours) and often only allows a limited delegation of rights. Its default location, for Unix/Linux, is /tmp/x509_u*uid* but can be set via the $X509_USER_PROXY environment variable.
Q: What is the MyProxy service?
-------------------------------
[The MyProxy Service](http://grid.ncsa.illinois.edu/myproxy/) , can be employed by gsissh-term and Globus tools, and is an online repository that allows users to store long lived proxy certificates remotely, which can then be retrieved for use at a later date. Each proxy is protected by a password provided by the user at the time of storage. This is beneficial to Globus users as they do not have to carry their private keys and certificates when travelling; nor do users have to install private keys and certificates on possibly insecure computers.
Q: Someone may have copied or had access to the private key of my certificate either in a separate file or in the browser. What should I do?
Please ask the CA that issued your certificate to revoke this certifcate and to supply you with a new one. In addition, please report this to IT4Innovations by contacting [the support team](https://support.it4i.cz/rt).
docs.it4i/get-started-with-it4innovations/obtaining-login-credentials/obtaining-login-credentials.md 0 → 100644
View file @ 7d998a7e
Obtaining Login Credentials
===========================
Obtaining Authorization
-----------------------
The computational resources of IT4I are allocated by the Allocation Committee to a [Project](/), investigated by a Primary Investigator. By allocating the computational resources, the Allocation Committee is authorizing the PI to access and use the clusters. The PI may decide to authorize a number of her/his Collaborators to access and use the clusters, to consume the resources allocated to her/his Project. These collaborators will be associated to the Project. The Figure below is depicting the authorization chain:
![](../../img/Authorization_chain.png)
You need to either [become the PI](../applying-for-resources/) or [be named as a collaborator](obtaining-login-credentials/#authorization-of-collaborator-by-pi) by a PI in order to access and use the clusters.
Head of Supercomputing Services acts as a PI of a project DD-13-5. Joining this project, you may **access and explore the clusters**, use software, development environment and computers via the qexp and qfree queues. You may use these resources for own education/research, no paperwork is required. All IT4I employees may contact the Head of Supercomputing Services in order to obtain **free access to the clusters**.
### Authorization of PI by Allocation Committee
The PI is authorized to use the clusters by the allocation decision issued by the Allocation Committee.The PI will be informed by IT4I about the Allocation Committee decision.
### Authorization by web
This is a preferred way of granting access to project resources. Please, use this method whenever it's possible.
Log in to the [IT4I Extranet portal](https://extranet.it4i.cz) using IT4I credentials and go to the **Projects** section.
- **Users:** Please, submit your requests for becoming a project member.
- **Primary Investigators:** Please, approve or deny users' requests in the same section.
### Authorization by e-mail (an alternative approach)
In order to authorize a Collaborator to utilize the allocated resources, the PI should contact the [IT4I support](https://support.it4i.cz/rt/) (E-mail: [support [at] it4i.cz](mailto:support%20%5Bat%5D%20it4i.cz)) and provide following information:
1. Identify your project by project ID
2. Provide list of people, including himself, who are authorized to use the resources allocated to the project. The list must include full name, e-mail and affiliation. Provide usernames as well, if collaborator login access already exists on the IT4I systems.
3. Include "Authorization to IT4Innovations" into the subject line.
Example (except the subject line which must be in English, you may use Czech or Slovak language for communication with us):
```bash
Subject: Authorization to IT4Innovations
Dear support,
Please include my collaborators to project OPEN-0-0.
John Smith, john.smith@myemail.com, Department of Chemistry, MIT, US
Jonas Johansson, jjohansson@otheremail.se, Department of Physics, Royal Institute of Technology, Sweden
Luisa Fibonacci, lf@emailitalia.it, Department of Mathematics, National Research Council, Italy
Thank you,
PI
(Digitally signed)
```
Should the above information be provided by e-mail, the e-mail **must be** digitally signed. Read more on [digital signatures](obtaining-login-credentials/#the-certificates-for-digital-signatures) below.
The Login Credentials
-------------------------
Once authorized by PI, every person (PI or Collaborator) wishing to access the clusters, should contact the [IT4I support](https://support.it4i.cz/rt/) (E-mail: [support [at] it4i.cz](mailto:support%20%5Bat%5D%20it4i.cz)) providing following information:
1. Project ID
2. Full name and affiliation
3. Statement that you have read and accepted the [Acceptable use policy document](http://www.it4i.cz/acceptable-use-policy.pdf) (AUP).
4. Attach the AUP file.
5. Your preferred username, max 8 characters long. The preferred username must associate your surname and name or be otherwise derived from it. Only alphanumeric sequences, dash and underscore signs are allowed.
6. In case you choose [Alternative way to personal certificate](obtaining-login-credentials/#alternative-way-of-getting-personal-certificate),
a **scan of photo ID** (personal ID or passport or driver license) is required
Example (except the subject line which must be in English, you may use Czech or Slovak language for communication with us):
```bash
Subject: Access to IT4Innovations
Dear support,
Please open the user account for me and attach the account to OPEN-0-0
Name and affiliation: John Smith, john.smith@myemail.com, Department of Chemistry, MIT, US
I have read and accept the Acceptable use policy document (attached)
Preferred username: johnsm
Thank you,
John Smith
(Digitally signed)
```
Should the above information be provided by e-mail, the e-mail **must be** digitally signed. To sign an e-mail, you need digital certificate. Read more on [digital signatures](obtaining-login-credentials/#the-certificates-for-digital-signatures) below.
Digital signature allows us to confirm your identity in remote electronic communication and provides an encrypted channel to exchange sensitive information such as login credentials. After receiving your signed e-mail with the requested information, we will send you your login credentials (user name, key, passphrase and password) to access the IT4I systems.
We accept certificates issued by any widely respected certification authority.
For various reasons we do not accept PGP keys.** Please, use only X.509 PKI certificates for communication with us.**
You will receive your personal login credentials by protected e-mail. The login credentials include:
1. username
2. ssh private key and private key passphrase
3. system password
The clusters are accessed by the [private key](../accessing-the-clusters/shell-access-and-data-transfer/ssh-keys/) and username. Username and password is used for login to the information systems listed on <http://support.it4i.cz/>.
### Change Passphrase
On Linux, use
```bash
local $ ssh-keygen -f id_rsa -p
```
On Windows, use [PuTTY Key Generator](../accessing-the-clusters/shell-access-and-data-transfer/puttygen/).
### Change Password
Change password in your user profile at <https://extranet.it4i.cz/user/>
The Certificates for Digital Signatures
-------------------------------------------
We accept personal certificates issued by any widely respected certification authority (CA). This includes certificates by CAs organized in International Grid Trust Federation (<http://www.igtf.net/>), its European branch EUGridPMA - <https://www.eugridpma.org/> and its member organizations, e.g. the CESNET certification authority - <https://tcs-p.cesnet.cz/confusa/>. The Czech *"Qualified certificate" (Kvalifikovaný certifikát)* (provided by <http://www.postsignum.cz/> or <http://www.ica.cz/Kvalifikovany-certifikat.aspx>), that is used in electronic contact with Czech authorities is accepted as well.
Certificate generation process is well-described here:
- [How to generate a personal TCS certificate in Mozilla Firefox web browser (in Czech)](http://idoc.vsb.cz/xwiki/wiki/infra/view/uzivatel/moz-cert-gen)
A FAQ about certificates can be found here: [Certificates FAQ](certificates-faq/).
Alternative Way to Personal Certificate
-------------------------------------------
Follow these steps **only** if you can not obtain your certificate in a standard way. In case you choose this procedure, please attach a **scan of photo ID** (personal ID or passport or drivers license) when applying for [login credentials](obtaining-login-credentials/#the-login-credentials).
1. Go to <https://www.cacert.org/>.
- If there's a security warning, just acknowledge it.
2. Click *Join*.
3. Fill in the form and submit it by the *Next* button.
- Type in the e-mail address which you use for communication with us.
- Don't forget your chosen *Pass Phrase*.
4. You will receive an e-mail verification link. Follow it.
5. After verifying, go to the CAcert's homepage and login using *Password Login*.
6. Go to *Client Certificates* -&gt; *New*.
7. Tick *Add* for your e-mail address and click the *Next* button.
8. Click the *Create Certificate Request* button.
9. You'll be redirected to a page from where you can download/install your certificate.
- Simultaneously you'll get an e-mail with a link to the certificate.
Installation of the Certificate Into Your Mail Client
-----------------------------------------------------
The procedure is similar to the following guides:
- MS Outlook 2010
- [How to Remove, Import, and Export Digital certificates](http://support.microsoft.com/kb/179380)
- [Importing a PKCS #12 certificate (in Czech)](http://idoc.vsb.cz/xwiki/wiki/infra/view/uzivatel/outl-cert-imp)
- Mozilla Thudnerbird
- [Installing an SMIME certificate](http://kb.mozillazine.org/Installing_an_SMIME_certificate)
- [Importing a PKCS #12 certificate (in Czech)](http://idoc.vsb.cz/xwiki/wiki/infra/view/uzivatel/moz-cert-imp)
End of User Account Lifecycle
-----------------------------
User accounts are supported by membership in active Project(s) or by affiliation to IT4Innovations. User accounts, that loose the support (meaning, are not attached to an active project and are not affiliated with IT4I), will be deleted 1 year after the last project to which they were attached expires.
User will get 3 automatically generated warning e-mail messages of the pending removal:.
- First message will be sent 3 months before the removal
- Second message will be sent 1 month before the removal
- Third message will be sent 1 week before the removal.
The messages will inform about the projected removal date and will challenge the user to migrate her/his data
docs.it4i/img/7D_Enhanced_hypercube.png 0 → 100644
View file @ 7d998a7e
docs.it4i/img/7D_Enhanced_hypercube.png

154 KiB

docs.it4i/img/AMsetPar1.png 0 → 100644
View file @ 7d998a7e
docs.it4i/img/AMsetPar1.png

46.5 KiB

docs.it4i/img/Anselmprofile.jpg 0 → 100644
View file @ 7d998a7e
docs.it4i/img/Anselmprofile.jpg

19.6 KiB

docs.it4i/img/Authorization_chain.png 0 → 100644
View file @ 7d998a7e
docs.it4i/img/Authorization_chain.png

26.8 KiB

docs.it4i/img/Fluent_Licence_1.jpg 0 → 100644
View file @ 7d998a7e
docs.it4i/img/Fluent_Licence_1.jpg

78.9 KiB

docs.it4i/img/Fluent_Licence_2.jpg 0 → 100644
View file @ 7d998a7e
docs.it4i/img/Fluent_Licence_2.jpg

81.4 KiB

docs.it4i/img/Fluent_Licence_3.jpg 0 → 100644
View file @ 7d998a7e
docs.it4i/img/Fluent_Licence_3.jpg

87 KiB

docs.it4i/img/Fluent_Licence_4.jpg 0 → 100644
View file @ 7d998a7e
docs.it4i/img/Fluent_Licence_4.jpg

80.5 KiB