Newer
Older
If you are affiliated with an academic institution from the Czech Republic ([eduID.cz][u]), create an [e-INFRA CZ account][8], instead.
If you are not eligible for an e-INFRA CZ account, contact the [IT4I support][a] (email: [support\[at\]it4i.cz][b]) and provide the following information:
1. Personal information (**required**, note that without this information, you cannot use IT4I resources):
1. **Citizenship**
1. **Country of residence**
1. **Organization/affiliation**
1. **Organization/affiliation country**
1. **Organization/affiliation type** (university, company, R&D institution, private/public sector (hospital, police), academy of sciences, etc.)
1. **Job title** (student, PhD student, researcher, research assistant, employee, etc.)
1. Project name and/or primary investigator's (PI) name. Project name consists of project type (OPEN|DD|EU|ATR|FTA|ICA) and number in -XX-XX format, for example OPEN-33-12.
1. Statement that you have read and accepted the [Acceptable use policy document][c] (AUP)
1. Attach the AUP file
1. Your preferred username (length is limited between 4 and 7 letters)<br>The preferred username must associate with your first and last name or be otherwise derived from it. Note that the system will automatically add the `it4i-` prefix to your username.
1. Public part of your SSH key<br>If you don't provide it in the ticket, you must [add it manually][s] after your account is created.
1. All information above should be provided by email that is **digitally signed by a CA authority**. Read more on [digital signatures][4] below. If you do not have such a digital signature, you can choose an [Alternative way to personal certificate][3].
Example (except the subject line, which must be in English, you may use Czech or Slovak language for communication with us):
```console
Subject: Access to IT4Innovations
Dear support,
Please open the user account for me and attach the account to PROJECTNAME-XX-XX.
Personal information: John Smith, USA, Department of Chemistry, MIT, MA, US.
I have read and accept the Acceptable use policy document (attached).
Preferred username: johnsm
Thank you,
John Smith
(Digitally signed)
```
You will receive your personal login credentials in an encrypted email. The login credentials include:
1. username
1. system password
The clusters are accessed by the [private key][5] and username. Username and password are used for login to the [information systems][d].
## Certificates for Digital Signatures
We accept personal certificates issued by any widely respected certification authority (CA). This includes certificates by CAs organized in [International Grid Trust Federation][f], its European branch [EUGridPMA][g] and its member organizations, e.g. the [CESNET certification authority][h]. The Czech _"Qualified certificate" (Kvalifikovaný certifikát)_ provided by [PostSignum][i] or [I.CA][j], which is used in electronic contact with Czech authorities, is accepted as well. **In general, we accept certificates issued by any trusted CA that ensures unambiguous identification of the user.**
Certificate generation process for academic purposes, utilizing the CESNET certification authority, is well described here:
* [How to generate a personal TCS certificate in Mozilla Firefox ESR web browser.][k] (in Czech)
!!! note
The certificate file can be installed into your email client. Web-based email interfaces cannot be used for secure communication, external application, such as Thunderbird or Outlook must be used. This way, your new credentials will be visible only in applications that have access to your certificate.
If you are not able to obtain the certificate from any of the respected certification authorities, follow the Alternative Way below.
FAQ about certificates can be found here: [Certificates FAQ][7].
## Alternative Way to Personal Certificate
!!! important
Choose this alternative **only** if you cannot obtain your certificate in a standard way.
Note that in this case **you must attach a scan of your photo ID** (personal ID, passport, or driver's license) when applying for login credentials.
An alternative to personal certificate is an S/MIME certificate allowing secure email communication,
e.g. providing sensitive information such as ID scan or user login/password.
The following example is for Actalis free S/MIME certificate, but you can choose your preferred CA.
1. Go to the [Actalis Free Email Certificate][l] request form.
1. Follow the instructions: fill out the form, accept the terms and conditions, and submit the request.
1. You will receive an email with the certificate.
1. Import the certificate to one of the supported email clients.
1. Attach a scan of photo ID (personal ID, passport, or driver license) to your email request for IT4I account.
!!! note
Web-based email interfaces cannot be used for secure communication; external application, such as Thunderbird or Outlook must be used. This way, your new credentials will be visible only in applications that have access to your certificate.
[1]: ./obtaining-login-credentials.md#certificates-for-digital-signatures
[2]: #authorization-by-web
[3]: #alternative-way-to-personal-certificate
[4]: #certificates-for-digital-signatures
[5]: ../accessing-the-clusters/shell-access-and-data-transfer/ssh-keys.md
[6]: ../accessing-the-clusters/shell-access-and-data-transfer/putty.md#putty-key-generator
[7]: ../obtaining-login-credentials/certificates-faq.md
[a]: https://support.it4i.cz/rt/
[b]: mailto:support@it4i.cz
[c]: https://docs.it4i.cz/general/aup/
[d]: http://support.it4i.cz/
[e]: https://scs.it4i.cz
[f]: http://www.igtf.net/
[g]: https://www.eugridpma.org
[h]: https://tcs.cesnet.cz
[i]: http://www.postsignum.cz/
[j]: http://www.ica.cz/Kvalifikovany-certifikat.aspx
[k]: http://idoc.vsb.cz/xwiki/wiki/infra/view/uzivatel/moz-cert-gen
[l]: https://extrassl.actalis.it/portal/uapub/freemail?lang=en
[r]: https://www.it4i.cz/computing-resources-allocation/?lang=en
[s]: https://extranet.it4i.cz/ssp/?action=changesshkey