TODO: Expand= VTLUUG =
VTLUUG has been was Kerberos uses [[Infrastructure:Chimera|chimera]] as it's FreeIPA server, and LDAP for authentication until the all VTLUUG hosts except [[CVL evictionInfrastructure:Joey|joey]]. We have now migrated to an LDAP only domain due to a lack of IPv6 on behind , the router.ece.vt.edu. The old Kerberos server was configured to work on IPv6 only therefore we were required to migrate away from , are in its use for authenticationdomain.
With the current deployment acidburn should be acceptable through normal password authentication over ssh. There is no need to configure tickets or anything else Kerberos related.== Account maintenance instructions ==
==Account maintenance instructions==All users can log into [https://chimera.vtluug.org Chimera's FreeIPA web GUI] to edit their account. Yes, it does have a self signed cert. Get over it /s
All users will be able to use standard shell commands (such as chsh) to change attributes For management of their own account. Additionally they can make direct requests to the LDAP server (razor.vtluug.org) using ldapmodify and .ldif files entire domain, officers are able to change attributes as well. Explaining .ldif files and ldapmodify is beyond the scope of this articleadd, remove, or modify users in any way.
For management of == History == VTLUUG has been was Kerberos and LDAP for authentication until the entire [[CVL eviction]]. We then migrated to an LDAP only domain officers who know the LDAP root users credentials will be able due to log in to the LDAP Administrator web application running a lack of IPv6 on razorbehind router.vtluugece.orgvt. Information edu. The old Kerberos server was configured to work on this IPv6 only, therefore, we were required to migrate away from its use for authentication. With the old deployment, [[Infrastructure:Acidburn|acidburn]] should be acceptable through normal password authentication over ssh. There is really only shared on a no need to know basis between officersconfigure tickets or anything else Kerberos related. = CAS = The '''Virginia Tech Central Authentication System''' or '''CAS''' is the Virginia Tech deployment of the [[Free software|open source]] [[w:Shibboleth (Internet2)|Shibboleth]] authentication system. Shibboleth can be thought of as an identity provider similar to [[w:OpenID|OpenID]], but more centralized, and thus well-liked by institutions such as universities. == Scripted Login ==The following is a work in progress. Eventually, the following commands should yield a login.<pre>$ curl -s -c cookies https://auth.vt.edu/login?service=https://my.vt.edu/Login | sed -nrf sedconf | xargs curl</pre> The <code>sedconf</code> file's contents are below.<pre>/name="lt"/s/.*value="([^"]*).*/-d "lt=\1"/p/name="_eventId"/s/.*value="([^"]*).*/-d "eventId=\1"/p/name="submit"/s/.*value="(^")*".*/-d "submit=\1"/p/action="/s/.*action="([^;]*)[^?]*(\??[^"]*).*/--url "https:\/\/auth.vt.edu\1\2"/p$a -d "username=bob"$a -d "password=bubba"$a -c cookies</pre> Refer to the content is not entirely appropriate [[sed]] and [[curl]] manual pages for a public wikidetails on the various commands that drive this script. =External Links=* [https://auth.vt.edu VT CAS]* [http://www.computing.vt.edu/infrastructure_services/cas/index.html Description of CAS]
[[Category:Infrastructure]]
[[Category:Needs restorationScripts]][[Category:Campus computing resources]]