How to Manage a SEAS Activity Account

Administrators are listed in the activity account's Kerberos authorization file (~/.k5login) in the format pennname@UPENN.EDU (where pennname is a valid PennKey username), one on each line. All listed administrators will be able to remotely log into the account using kerberized clients. Administrators with SEAS accounts are also able to proxy as the activity account in the SEAS Account Management website to change various passwords, configure Google@SEAS and manage other resources for the account.

Manage Activity Account

Change Account Passwords

To change the SEAS local (eniac login), Google@SEAS or MySQL passwords for the account:

  1. Visit the Manage Activity Account page.
  2. Log in with your own PennKey, if prompted.
  3. Enter the username of the activity account you want to manage.

You are now proxying as that account and should be able to change the passwords for it using the options in the lefthand menu. When finished:

  1. Return to the Manage Activity Account page or click the Exit link at the top of the page.
  2. Check the Switch back to (your account) box.
  3. Click the Submit button to return to your own account.

Remote Login

If you are an administrator for an activity account, your PennName has been added to the account's Kerberos authorization file (.k5login). This allows you to access the account without a password, using kerberized client software.

For example, here is one way to access the command line of the activity account via eniac.seas.upenn.edu, using SSH:

  1. SSH to your account on eniac.seas.upenn.edu (replace username with your account name):
    ssh username@eniac.seas.upenn.edu
  2. Type kinit and enter your PennKey password (optional if you used your PennKey credentials to log into eniac)
  3. Type klist to view your Kerberos ticket granting ticket and expiration (optional).
  4. You can now SSH to any account you manage without needing a password (replace username with the activity account name):
    ssh username@eniac.seas.upenn.edu

If your personal machine has Kerberos support, you can directly access the activity account from any network once you have obtained a Kerberos ticket granting ticket (for example, by typing kinit username@UPENN.EDU in a terminal).

Note: MacOS users may need to add the following line to ~/.ssh/config:

GSSAPIAuthentication yes

It is also possible to log into the account interactively using the account's SEAS local password, if it has been set following the instructions at the top of this page. Be sure to share the password securely and reset it when sharing is no longer desired.

Note: If the instructions on this page do not work for you, it probably means you have not been designated an administrator and added to the account's .k5login file. Please send an email to cets@seas.upenn.edu with your request to be added and CC the contact for the account or your supervisor.

© Computing and Educational Technology Services | Contact CETS
cets@seas.upenn.edu | 215.898.4707