national center for supercomputing applications university of illinois at urbana–champaign...
TRANSCRIPT
National Center for Supercomputing ApplicationsUniversity of Illinois at Urbana–Champaign
Two-factor Authentication TutorialFor NCSA Private Sector Program
Outline
• Getting Started• Installing your app• Requesting a soft token• Downloading your token seed
• Activating your soft token• Using your soft token
• Login to iForge• Globus Online transfers• Single Sign-On (Advanced Users)
Installing your app
• Download free RSA SecurID app to your phone• iPhone, Android, Windows or Blackberry app stores all have it
• Note your Binding ID in the settings for next step
iOS app example
Request a token
• Go to the pagehttps://internal.ncsa.illinois.edu/mis/rsa/index.php?page=new&• Login with your NCSA
password• Enter your Binding ID & email
address on the page• Wait for email (1 business day
max)
Download & Install your token seed
• Receive email from NCSA on your phone
• Open the link to activate token
• RSA app should open and import the token
Outline
• Getting Started• Installing your app• Requesting a soft token• Downloading your token seed
• Activating your soft token• Using your soft token
• Login to iForge• Globus Online transfers• Single Sign-On (Advanced Users)
Activating your token
• Go to https://otp.ncsa.illinois.edu• Enter your user ID (NCSA username)
Outline
• Getting Started• Installing your app• Requesting a soft token• Downloading your token seed
• Activating your soft token• Using your soft token
• Login to iForge• Globus Online transfers• Single Sign-On (Advanced Users)
Logging into iForge
• SSH to iforgehn1.ncsa.illinois.edu• Enter your newly set PIN followed by current passcode• (Optional) Multiple logins for OpenSSH Mac/Linux clients
• OpenSSH supports multiple shells, one login• Add the following to your ~/.ssh/ssh_config
ControlMaster autoControlPath ~/.ssh/control:%h:%p:%r
New for GlobusOnline Users
• You are redirected to an NCSA portal• Enter your username & PIN followed by the current code
Outline
• Getting Started• Installing your app• Requesting a soft token• Downloading your token seed
• Activating your soft token• Using your soft token
• Login to iForge• Globus Online transfers• Single Sign-On (Advanced Users)
(Advanced) Single Sign-on with GSISSH
• Requires installing the GSISSH & MyProxy on your desktop• Supported well on Mac & Linux
• Works by using certificates that last up to 10 days• Use ‘gsissh’ command, not ‘ssh’
Installing GSISSH & MyProxy
• From a Mac or Linux computer• Download the latest Globus Toolkit from
http://www.globus.org/toolkit/downloads/• Unpack the download
• tar xzf gt6*-installer.tar.gz
• Install MyProxy & GSISSH
$ cd gt5*-installer$ ./configure --prefix=$HOME/globus$ make gsi-myproxy gsi-openssh$ make install
Update Shell Environment
• For BASH, add to the ~/.bashrc file
• For C Shell, add to the ~/.cshrc file
$ GLOBUS_LOCATION=$HOME/globus$ export GLOBUS_LOCATION$ . $GLOBUS_LOCATION/etc/globus-user-env.sh
$ setenv GLOBUS_LOCATION $HOME/globus$ source $GLOBUS_LOCATION/etc/globus-user-env.csh
Obtaining your MyProxy certificate
• For regular 12 hour certificate• myproxy-logon -T -l username –s tfca.ncsa.illinois.edu
• For regular longer-lived certificate (up to 264 hours)• myproxy-logon -T -l username –s tfca.ncsa.illinois.edu –t 264