How do I manage a SEAS activity account?

Administrators are listed in the activity account's Kerberos authorization file (~/.k5login) in the format pennname@UPENN.EDU (where pennname is a valid PennKey username), one on each line. All listed administrators will be able to remotely log into the account using kerberized clients. Administrators with SEAS accounts are also able to proxy as the activity account in the SEAS Account Management website to change various passwords, configure Google@SEAS and manage other resources for the account.

Manage Activity Account

How do I change passwords for an activity account?

To change the SEAS local (eniac login), Google@SEAS or MySQL passwords for the account:

  1. Visit the Manage Activity Account page.
  2. Log in with your own PennKey, if prompted.
  3. Enter the username of the activity account you want to manage.

You are now proxying as that account and should be able to change the passwords for it using the options in the lefthand menu. When you are finished:

  1. Return to the Manage Activity Account page or click the Exit link at the top of the page.
  2. Check the Switch back to (your account) box.
  3. Click the Submit button to return to your own account.

How do I remotely log into the activity account?

If you are an administrator for an activity account, your PennName has been added to the account's Kerberos authorization file (.k5login). This allows you to access the account without a password, using kerberized client software.

How do I log into the activity account from ENIAC?

For example, here is one way to access the command line of the activity account on eniac.seas.upenn.edu:

  1. SSH to your account on eniac.seas.upenn.edu (replace username with your account name):

    ssh username@eniac.seas.upenn.edu
  2. Type kinit and enter your PennKey password (optional if you used your PennKey credentials to log into eniac).

  3. Type klist to view your Kerberos ticket granting ticket and expiration (optional).

  4. You can now SSH to any account you manage without needing a password (replace activityaccount with the activity account name):

    ssh activityaccount@eniac.seas.upenn.edu

How do I log into the activity account from my own computer with Kerberos?

If your personal machine has Kerberos support, you can directly access the activity account from any network once you have obtained a Kerberos ticket granting ticket.

For example, on Linux or MacOS, type the following commands in a terminal (replace username with your own account and activityaccount with the name of the activity account):

kinit username@UPENN.EDU
ssh -o "GSSAPIAuthentication yes" activityaccount@eniac.seas.upenn.edu

How do I log into the activity account using a password?

It is also possible to log into the account interactively using the account's SEAS local password, if it has been set following the instructions at the top of this page. Be sure to share the password securely and reset it when sharing is no longer desired.

How do I get access to an activity account?

If the instructions on this page do not work for you, it probably means you have not been designated an administrator and added to the activity account's .k5login file. The first step is to request access from the registered contact of the activity account or your supervisor, who can contact CETS with a request to grant you access. If you do not know who the contact is, please contact CETS with your request for access. CETS will ask the registered contact for authorization before you are granted access.

© Computing and Educational Technology Services