SSH using Kerberos
In the (simple) old-style ssh you would pass around your public key (from ~/.ssh: id_rsa.pub or id_dsa.pub, as generated by the ssh-keygen program) and store it on the remote machine in the file ~/.ssh/authorized_keys. After this, ssh would let you log on to that machine without typing your password.
Since GLUE is using Kerberos, the old-style ssh authenticated access won't work anymore (you can of course just keep giving your LDAP password; that will still work). Your client machine will have to be modified to know about the GLUE Kerberos system. On Linux machines you should modify two files:
[libdefaults]
    default_realm = UMD.EDU
    dns_lookup_kdc = true
    dns_lookup_realm = true
If this file does not exist, you may have to install a package. On Fedora it's called krb5-libs, on Mandrake it is called libkrb53 or something like it. On Ubuntu ....(TODO)
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
If this file does not exist.... well, you probably did not install ssh, or the config files live in an odd place. Maybe the locate command will help you find them.
After this, the kinit command is used to authenticate you, and whenever you log on to a GLUE machine, it will let you in. There is one minor hiccup: if you write shell scripts that do automated ssh logons, log on manually once first, since you will get the usual question when it's a new machine, and it will then be added to your ~/.ssh/known_hosts file.
Actually, isn't there another major hiccup....??? The ticket that klist shows is only good for 24 hours, or for another lifetime if you set one, e.g. 2 days using
kinit -l 2d
This could be a major nuisance for those wanting to run ssh in crontabs....
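One way to keep a cron job from hanging or silently failing when the ticket has run out, as an added example that is not part of the original page: check the credential cache with klist -s before calling ssh, and force GSSAPI-only, non-interactive authentication. The function names have_ticket and krb_ssh are made up for this example, and the host you pass in is your own.

```shell
#!/bin/sh
# Added example (not from the original page): fail-fast wrapper for
# unattended ssh over Kerberos/GSSAPI, e.g. from a crontab entry.

# Return 0 only if the credential cache holds a valid, unexpired ticket.
# "klist -s" prints nothing and reports the result in its exit status.
have_ticket() {
    klist -s
}

# krb_ssh HOST [COMMAND...]
# Runs COMMAND on HOST using GSSAPI only.
#  - BatchMode=yes: never prompt for a password or a host-key question,
#    so the job fails instead of waiting on a terminal that is not there.
#    (An unknown host is refused; log on manually once first so it is in
#    ~/.ssh/known_hosts.)
#  - PreferredAuthentications=gssapi-with-mic: do not fall back to
#    public-key or password authentication.
# Returns 2 when there is no valid ticket, otherwise ssh's exit status.
krb_ssh() {
    host=$1
    shift
    if ! have_ticket; then
        echo "krb_ssh: no valid Kerberos ticket, run kinit first" >&2
        return 2
    fi
    ssh -o BatchMode=yes \
        -o GSSAPIAuthentication=yes \
        -o GSSAPIDelegateCredentials=yes \
        -o PreferredAuthentications=gssapi-with-mic \
        "$host" "$@"
}

# When called with arguments, act as a command: script HOST COMMAND...
[ $# -eq 0 ] || krb_ssh "$@"
```

Exit status 2 lets the cron job's mail or log distinguish an expired ticket from a failure of the remote command.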
Another thing to figure out is what to do when your local username is not the same as on the Kerberos system....
Just a few links on ssh/kerberos that may still be there when you reach them: