|
|
Accounts and Passwords |
New Accounts
On-site Employees
- Obtain a Fermilab ID during New Employee Orientation. (required before you can apply for computing accounts).
- Read the Fermilab Policy on Computing.
- You may then fill out the Request Form for Computing Username and Primary Accounts. This form is used to request any of the following:
Contractors
- Fill out and get signatures on the Contractor ID form (PDF) and obtain your Contractor ID (required before you can apply for computing accounts).
- Read the Fermilab Policy on Computing.
- Fill out the Request Form for Computing Username and Primary Accounts (see above for a list of items which can be requested via this form).
On-site Visitors
- Fill out and get signatures on the Visitors ID Form (PDF) and obtain your Fermilab Visitor ID (required before you can apply for computing accounts).
- Read the Fermilab Policy on Computing.
- Fill out the Request Form for Computing Username and Primary Accounts (see above for a list of items which can be requested via this form).
- To renew your visitor ID, please submit a servicedesk ticket and the staff in the User's Office will handle it.
Off-site Visitors
Please read Getting Started as Non-Employee Off-site User.
|
Renewing Accounts
On-site Employees
Periodically re-read the Fermilab Policy on Computing. Your ID and computer privileges are automatically renewed as long as you remain an employee, but you do need to visit the Key & ID office on the ground floor of Wilson Hall to get a new valid photo ID before it expires. (You will be notified by email prior to expiration.)
To reactivate any of your previous accounts, fill out the form for Reactivating Primary Accounts or your Kerberos Principal.
Contractors
- Re-read the Fermilab Policy on Computing.
- Fill out and get signatures on on the Contractor ID form (PDF) for each contract period, BEFORE your ID expires. Failure to do so
will result in losing your computer account acess. If this happens,
fill out the form for Reactivating Primary Accounts or your Kerberos Principal. (You will be notified by email prior to expiration.)
On-site Visitors
- Re-read the Fermilab Policy on Computing.
- Fill out and get signatures on the Visitors ID Form (PDF) BEFORE your ID expires. Failure to do so
will result in losing your computer account acess. If this happens,
fill out the form for Reactivating Primary Accounts or your Kerberos Principal. (You will be notified by email prior to expiration.)
Off-site Visitors
- Re-read the Fermilab Policy on Computing.
- Fill out the form Apply to Use Fermilab Computers from Off-Site for Non-Employees.
|
Kerberos Principals
The Kerberos Network Authentication Service V5 is the strong
authentication program that Fermilab computers are required to run. All
the computers associated with a Kerberos installation make up what's
called a "strengthened realm". At Fermilab, the strengthened realm for
UNIX machines is called FNAL.GOV; for the Windows domain it is
FERMI.WIN.FNAL.GOV.
As a user, you need to obtain a Kerberos Principal for each realm
and you must choose a very-hard-to-guess Kerberos password. A principal
and a password are used together to authenticate you to a machine
configured to be in the realm. Your principals will be of the form
principal_name@REALM (e.g., joe@FNAL.GOV and joe@FERMI.WIN.FNAL.GOV).
|
Password Change
Follow the procedure for
the appropriate system:
*** On UNIX, the Kerberos V5 password and the AFS password are both
changed using a command called kpasswd. For Kerberos, use
/usr/krb5/bin/kpasswd. For AFS, use /usr/afsws/bin/kpasswd.
If you have forgotten your password on one of the systems above, you should contact the Service Desk, ext 2345, Wilson Hall ground floor. For all other systems, you need to contact the system administrator.
Please refer to Password Rules for guidelines in choosing your passwords.
|
Fermilab Email Address
Any Fermilab employee, scientific user, or contractor with a valid
Fermilab ID is eligible for a Fermilab email address,
username@fnal.gov. You are given one automatically when you obtain a
Kerberos principal. Use Request Form for Computing Username and Primary Accounts to apply for these items.
Your Fermilab email address should be used as your primary address
to ensure that your mail passes through the Fermilab email gateway. The
gateway acts as a distribution point for all electronic mail between
"@fnal.gov" and outside systems. The gateway facilitates the transfer
of messages between dissimilar mail systems. It also scans all messages
originating off-site for virus-infected attachments. The IMAP servers
scan every message they receive, including those originating on-site.
The Fermilab mail gateway server doesn't store mail; you will need
to set your forward on the gateway server to point to an account on an
IMAP/POP server or on a UNIX system (either at Fermilab, your home
institution, or an ISP) on
which you read your email. (We recommend using one of the IMAP servers;
see below.) Then, you should set the forward on all other accounts (on
which you don't read mail) to your primary address, e.g.,
username@fnal.gov. If/when you decide to read your mail on a different
machine, you need only set up your new machine to read mail and then set your mail forward on the gateway server to this new machine. (For more detailed information, see Setting Email Forwards .)
|
Services Accounts
A "Services Account" enables you to access a number of important
applications at Fermilab with a single username/password. Applications
now available via the "Services Account" are: Fermilab Service Desk and
Fermilab Exchange Email. Over time, more and more applications will
come under the "Services Account" umbrella, such as Fermilab Time and Labor Reporting. Go to the "Services Accounts" page for more information and find out how to get a "Services Account".
|
Windows Accounts
Fermilab's Windows domain is named FERMI.WIN.FNAL.GOV; note the
upper case. Desktops, servers and other computing resources that belong
to it require authentication to the domain prior to use, Kerberos being
the default protocol used. You don't get a domain "account" per se,
once you obtain a Kerberos principal using Request Form for Computing Username and Primary Accounts.you
will be able to authenticate to this domain and thereby access some
subset of the servers and resources, as configured for your group. The
available resources include:
- File storage, backup, virus-checking and disaster recovery
- Computing Division supported softwares and software patches
- Email services
- Wide variety of printers
- VPN support for remote access
|
FNALU Accounts
In order to get an account on the central UNIX system FNALU, you
will need approval from your supervisor or a scientific spokesman when
you fill out the Request Form for FNALU Accounts.
FNALU is a managed resource. If you need dedicated space for your project for a group of people on AFS, please fill up Request Form for AFS Space , small projects may qualify under "Non-Grant Usage " guidelines. If you are part of a group or experiment that already has
an approved grant, you may be covered by that grant, so check with your
group/experiment first. |
Crypto Card
If you need to make network connections to UNIX machines in the FNAL.GOV realm from non-Kerberized machines, you will need a Crypto Card.
Apply for your Crypto Card by filling out Request form for CryptoCard. you
will need approval from your supervisor or a scientific spokesman when
you fill out the Request Form for FNALU Accounts. |
Send comments about this page via the suggestion form
Last updated by cdweb 9/02/2009
|
|
