obtaining-login-credentials.md 9.93 KB
Newer Older
Lukáš Krupčík's avatar
Lukáš Krupčík committed
1
# Obtaining Login Credentials
Lukáš Krupčík's avatar
Lukáš Krupčík committed
2

Lukáš Krupčík's avatar
Lukáš Krupčík committed
3
## Obtaining Authorization
4

Lukáš Krupčík's avatar
->  
Lukáš Krupčík committed
5
The computational resources of IT4I are allocated by the Allocation Committee to a [Project](/), investigated by a Primary Investigator. By allocating the computational resources, the Allocation Committee is authorizing the PI to access and use the clusters. The PI may decide to authorize a number of her/his Collaborators to access and use the clusters, to consume the resources allocated to her/his Project. These collaborators will be associated to the Project. The Figure below is depicting the authorization chain:
Lukáš Krupčík's avatar
Lukáš Krupčík committed
6

Lukáš Krupčík's avatar
Lukáš Krupčík committed
7
![](../../img/Authorization_chain.png)
Lukáš Krupčík's avatar
Lukáš Krupčík committed
8

9
!!! note
Lukáš Krupčík's avatar
Lukáš Krupčík committed
10
    You need to either [become the PI](../applying-for-resources/) or [be named as a collaborator](obtaining-login-credentials/#authorization-by-web) by a PI in order to access and use the clusters.
Lukáš Krupčík's avatar
Lukáš Krupčík committed
11

Lukáš Krupčík's avatar
all  
Lukáš Krupčík committed
12
Head of Supercomputing Services acts as a PI of a project DD-13-5. Joining this project, you may **access and explore the clusters**, use software, development environment and computers via the qexp and qfree queues. You may use these resources for own education/research, no paperwork is required. All IT4I employees may contact the Head of Supercomputing Services in order to obtain **free access to the clusters**.
Lukáš Krupčík's avatar
Lukáš Krupčík committed
13

Lukáš Krupčík's avatar
Lukáš Krupčík committed
14
## Authorization of PI by Allocation Committee
Lukáš Krupčík's avatar
Lukáš Krupčík committed
15

Lukáš Krupčík's avatar
all  
Lukáš Krupčík committed
16
The PI is authorized to use the clusters by the allocation decision issued by the Allocation Committee.The PI will be informed by IT4I about the Allocation Committee decision.
Lukáš Krupčík's avatar
Lukáš Krupčík committed
17

David Hrbáč's avatar
David Hrbáč committed
18
## Authorization by Web
Lukáš Krupčík's avatar
Lukáš Krupčík committed
19

20
!!! warning
Lukáš Krupčík's avatar
Lukáš Krupčík committed
21
    **Only** for those who already have their IT4I HPC account. This is a preferred way of granting access to project resources. Please, use this method whenever it's possible.
Lukáš Krupčík's avatar
Lukáš Krupčík committed
22

Lukáš Krupčík's avatar
all  
Lukáš Krupčík committed
23
This is a preferred way of granting access to project resources. Please, use this method whenever it's possible.
Lukáš Krupčík's avatar
Lukáš Krupčík committed
24

25
Log in to the [IT4I Extranet portal](https://extranet.it4i.cz) using IT4I credentials and go to the **Projects** section.
Lukáš Krupčík's avatar
Lukáš Krupčík committed
26

Lukáš Krupčík's avatar
Lukáš Krupčík committed
27 28
* **Users:** Please, submit your requests for becoming a project member.
* **Primary Investigators:** Please, approve or deny users' requests in the same section.
Lukáš Krupčík's avatar
Lukáš Krupčík committed
29

David Hrbáč's avatar
David Hrbáč committed
30
## Authorization by E-Mail (An Alternative Approach)
Lukáš Krupčík's avatar
Lukáš Krupčík committed
31

David Hrbáč's avatar
David Hrbáč committed
32
In order to authorize a Collaborator to utilize the allocated resources, the PI should contact the [IT4I support](https://support.it4i.cz/rt/) (E-mail: [support\[at\]it4i.cz](mailto:support@it4i.cz)) and provide following information:
Lukáš Krupčík's avatar
Lukáš Krupčík committed
33

Lukáš Krupčík's avatar
Lukáš Krupčík committed
34 35 36
1. Identify your project by project ID
1. Provide list of people, including himself, who are authorized to use the resources allocated to the project. The list must include full name, e-mail and affiliation. Provide usernames as well, if collaborator login access already exists on the IT4I systems.
1. Include "Authorization to IT4Innovations" into the subject line.
Lukáš Krupčík's avatar
Lukáš Krupčík committed
37

38
!!! warning
Lubomir Prda's avatar
Lubomir Prda committed
39
    Should the above information be provided by e-mail, the e-mail **must be** digitally signed. Read more on [digital signatures](#certificates-for-digital-signatures) below.
40

Lukáš Krupčík's avatar
all  
Lukáš Krupčík committed
41
Example (except the subject line which must be in English, you may use Czech or Slovak language for communication with us):
Lukáš Krupčík's avatar
Lukáš Krupčík committed
42

Lukáš Krupčík's avatar
all  
Lukáš Krupčík committed
43
```bash
Lukáš Krupčík's avatar
Lukáš Krupčík committed
44 45 46 47 48 49 50 51 52 53 54 55 56
    Subject: Authorization to IT4Innovations

    Dear support,

    Please include my collaborators to project OPEN-0-0.

    John Smith, john.smith@myemail.com, Department of Chemistry, MIT, US
    Jonas Johansson, jjohansson@otheremail.se, Department of Physics, Royal Institute of Technology, Sweden
    Luisa Fibonacci, lf@emailitalia.it, Department of Mathematics, National Research Council, Italy

    Thank you,
    PI
    (Digitally signed)
Lukáš Krupčík's avatar
all  
Lukáš Krupčík committed
57
```
Lukáš Krupčík's avatar
Lukáš Krupčík committed
58

David Hrbáč's avatar
David Hrbáč committed
59
## Login Credentials
Lukáš Krupčík's avatar
Lukáš Krupčík committed
60

David Hrbáč's avatar
David Hrbáč committed
61
Once authorized by PI, every person (PI or Collaborator) wishing to access the clusters, should contact the [IT4I support](https://support.it4i.cz/rt/) (E-mail: [support\[at\]it4i.cz](mailto:support@it4i.cz)) providing following information:
Lukáš Krupčík's avatar
Lukáš Krupčík committed
62

Lukáš Krupčík's avatar
Lukáš Krupčík committed
63 64 65 66 67
1. Project ID
1. Full name and affiliation
1. Statement that you have read and accepted the [Acceptable use policy document](http://www.it4i.cz/acceptable-use-policy.pdf) (AUP).
1. Attach the AUP file.
1. Your preferred username, max 8 characters long. The preferred username must associate your surname and name or be otherwise derived from it. Only alphanumeric sequences, dash and underscore signs are allowed.
Lubomir Prda's avatar
Lubomir Prda committed
68
1. In case you choose [Alternative way to personal certificate](#alternative-way-to-personal-certificate), a **scan of photo ID** (personal ID or passport or driver license) is required
Lukáš Krupčík's avatar
Lukáš Krupčík committed
69

70
!!! warning
Lubomir Prda's avatar
Lubomir Prda committed
71
    Should the above information be provided by e-mail, the e-mail **must be** digitally signed. Read more on [digital signatures](#certificates-for-digital-signatures) below.
72

Lukáš Krupčík's avatar
all  
Lukáš Krupčík committed
73 74 75
Example (except the subject line which must be in English, you may use Czech or Slovak language for communication with us):

```bash
Lukáš Krupčík's avatar
Lukáš Krupčík committed
76 77 78 79 80 81 82 83 84 85 86 87 88
    Subject: Access to IT4Innovations

    Dear support,

    Please open the user account for me and attach the account to OPEN-0-0
    Name and affiliation: John Smith, john.smith@myemail.com, Department of Chemistry, MIT, US
    I have read and accept the Acceptable use policy document (attached)

    Preferred username: johnsm

    Thank you,
    John Smith
    (Digitally signed)
Lukáš Krupčík's avatar
all  
Lukáš Krupčík committed
89
```
Lukáš Krupčík's avatar
Lukáš Krupčík committed
90

Lukáš Krupčík's avatar
all  
Lukáš Krupčík committed
91
You will receive your personal login credentials by protected e-mail. The login credentials include:
Lukáš Krupčík's avatar
Lukáš Krupčík committed
92

Lukáš Krupčík's avatar
Lukáš Krupčík committed
93 94 95
1. username
1. ssh private key and private key passphrase
1. system password
Lukáš Krupčík's avatar
Lukáš Krupčík committed
96

Pavel Jirásek's avatar
links  
Pavel Jirásek committed
97
The clusters are accessed by the [private key](../accessing-the-clusters/shell-access-and-data-transfer/ssh-keys/) and username. Username and password is used for login to the [information systems](http://support.it4i.cz/).
Lukáš Krupčík's avatar
Lukáš Krupčík committed
98

Lukáš Krupčík's avatar
Lukáš Krupčík committed
99
## Change Passphrase
Lukáš Krupčík's avatar
Lukáš Krupčík committed
100 101 102

On Linux, use

Lukáš Krupčík's avatar
all  
Lukáš Krupčík committed
103
```bash
Lukáš Krupčík's avatar
Lukáš Krupčík committed
104
local $ ssh-keygen -f id_rsa -p
Lukáš Krupčík's avatar
all  
Lukáš Krupčík committed
105
```
Lukáš Krupčík's avatar
Lukáš Krupčík committed
106

Pavel Jirásek's avatar
Pavel Jirásek committed
107
On Windows, use [PuTTY Key Generator](../accessing-the-clusters/shell-access-and-data-transfer/putty/#putty-key-generator).
Lukáš Krupčík's avatar
Lukáš Krupčík committed
108

Lukáš Krupčík's avatar
Lukáš Krupčík committed
109
## Change Password
Lukáš Krupčík's avatar
Lukáš Krupčík committed
110

Pavel Jirásek's avatar
links  
Pavel Jirásek committed
111
Change password in [your user profile](https://extranet.it4i.cz/user/).
Lukáš Krupčík's avatar
Lukáš Krupčík committed
112

David Hrbáč's avatar
David Hrbáč committed
113
## Certificates for Digital Signatures
Lukáš Krupčík's avatar
Lukáš Krupčík committed
114

David Hrbáč's avatar
David Hrbáč committed
115
We accept personal certificates issued by any widely respected certification authority (CA). This includes certificates by CAs organized in [International Grid Trust Federation](http://www.igtf.net/), its European branch [EUGridPMA](https://www.eugridpma.org/) and its member organizations, e.g. the [CESNET certification authority](https://tcs.cesnet.cz). The Czech _"Qualified certificate" (Kvalifikovaný certifikát)_ provided by [PostSignum](http://www.postsignum.cz/) or [I.CA](http://www.ica.cz/Kvalifikovany-certifikat.aspx), that is used in electronic contact with Czech authorities is accepted as well.
Lukáš Krupčík's avatar
Lukáš Krupčík committed
116

117
Certificate generation process for academic purposes, utilizing the CESNET certification authority, is well-described here:
Lukáš Krupčík's avatar
Lukáš Krupčík committed
118

Lukáš Krupčík's avatar
Lukáš Krupčík committed
119
* [How to generate a personal TCS certificate in Mozilla Firefox web browser (in Czech)](http://idoc.vsb.cz/xwiki/wiki/infra/view/uzivatel/moz-cert-gen)
Lubomir Prda's avatar
TYPO  
Lubomir Prda committed
120

121
If you are not able to obtain certificate from any of the respected certification authorities, please follow the Alternative Way bellow.
Lukáš Krupčík's avatar
Lukáš Krupčík committed
122

123
A FAQ about certificates can be found here: [Certificates FAQ](certificates-faq/).
Lukáš Krupčík's avatar
Lukáš Krupčík committed
124

Lukáš Krupčík's avatar
Lukáš Krupčík committed
125
## Alternative Way to Personal Certificate
Lukáš Krupčík's avatar
Lukáš Krupčík committed
126

127 128 129
Follow these steps **only** if you can not obtain your certificate in a standard way. In case you choose this procedure, please attach a **scan of photo ID** (personal ID or passport or drivers license) when applying for login credentials.

!!! warning
Lubomir Prda's avatar
TYPO  
Lubomir Prda committed
130
    Please use Firefox (clone) for following steps. Other browsers, like Chrome, are not compatible.
131

Lubomir Prda's avatar
Lubomir Prda committed
132
* Go to [COMODO Application for Secure Email Certificate](https://secure.comodo.com/products/frontpage?area=SecureEmailCertificate).
133
* Fill in the form, accept the Subscriber Agreement and submit it by the _Next_ button.
Lubomir Prda's avatar
Lubomir Prda committed
134 135
    * Type in the e-mail address, which you intend to use for communication with us.
    * Don't forget your chosen _Revocation password_.
136 137
* You will receive an e-mail with link to collect your certificate. Be sure to open the link in the same browser, in which you submited the application.
* Your browser should notify you, that the certificate has been correctly installed in it. Now you will need to save it as a file.
Lubomir Prda's avatar
Lubomir Prda committed
138 139
* In Firefox navigate to _Options > Advanced > Certificates > View Certificates_.
* Choose the _Your Certificates_ tab and find the fresh certificate with today's date.
140
* Select it and hit the _Backup..._ button
Lubomir Prda's avatar
typos  
Lubomir Prda committed
141 142
* Standard save dialog should appear, where you can choose a name for the certificate file for easy identification in the future.
* You will be prompted to choose a passphrase for your new certificate. This passphrase will be needed for installation into your favourite email client.
143 144

!!! note
Lubomir Prda's avatar
Lubomir Prda committed
145
    Certificate file now can be installed into your email client. Web-based email interfaces cannot be used for secure communication, externall application, such as Thunderbird or Outlook must be used (instructions bellow). This way, your new credentials will be visible only in applications, that have access to your certificate.
Lukáš Krupčík's avatar
Lukáš Krupčík committed
146 147

## Installation of the Certificate Into Your Mail Client
Lukáš Krupčík's avatar
Lukáš Krupčík committed
148

Lukáš Krupčík's avatar
Lukáš Krupčík committed
149
The procedure is similar to the following guides:
Pavel Jirásek's avatar
list  
Pavel Jirásek committed
150 151

MS Outlook 2010
Pavel Jirásek's avatar
Pavel Jirásek committed
152

Lukáš Krupčík's avatar
Lukáš Krupčík committed
153 154
* [How to Remove, Import, and Export Digital certificates](http://support.microsoft.com/kb/179380)
* [Importing a PKCS #12 certificate (in Czech)](http://idoc.vsb.cz/xwiki/wiki/infra/view/uzivatel/outl-cert-imp)
Pavel Jirásek's avatar
list  
Pavel Jirásek committed
155 156

Mozilla Thudnerbird
Pavel Jirásek's avatar
Pavel Jirásek committed
157

158
* [Installing an SMIME certificate](https://support.globalsign.com/customer/portal/articles/1214955-install-certificate---mozilla-thunderbird)
Lukáš Krupčík's avatar
Lukáš Krupčík committed
159
* [Importing a PKCS #12 certificate (in Czech)](http://idoc.vsb.cz/xwiki/wiki/infra/view/uzivatel/moz-cert-imp)
Lukáš Krupčík's avatar
Lukáš Krupčík committed
160

Lukáš Krupčík's avatar
Lukáš Krupčík committed
161
## End of User Account Lifecycle
Lukáš Krupčík's avatar
Lukáš Krupčík committed
162

Lukáš Krupčík's avatar
all  
Lukáš Krupčík committed
163
User accounts are supported by membership in active Project(s) or by affiliation to IT4Innovations. User accounts, that loose the support (meaning, are not attached to an active project and are not affiliated with IT4I), will be deleted 1 year after the last project to which they were attached expires.
Lukáš Krupčík's avatar
Lukáš Krupčík committed
164

Lukáš Krupčík's avatar
all  
Lukáš Krupčík committed
165
User will get 3 automatically generated warning e-mail messages of the pending removal:.
Lukáš Krupčík's avatar
Lukáš Krupčík committed
166

Lukáš Krupčík's avatar
Lukáš Krupčík committed
167 168 169
* First message will be sent 3 months before the removal
* Second message will be sent 1 month before the removal
* Third message will be sent 1 week before the removal.
Lukáš Krupčík's avatar
Lukáš Krupčík committed
170

Pavel Jirásek's avatar
list  
Pavel Jirásek committed
171
The messages will inform about the projected removal date and will challenge the user to migrate her/his data