How do I manage a SEAS activity account?

Administrators are listed in the activity account's Kerberos authorization file (~/.k5login) in the format pennname@UPENN.EDU (where pennname is a valid PennKey username), one on each line. All listed administrators will be able to remotely log into the account using kerberized clients. Administrators with SEAS accounts are also able to proxy as the activity account in the SEAS Account Management website to set passwords and manage other resources for the account.

Manage Activity Account

How do I change passwords for an activity account?

Please contact CETS before setting a Google@SEAS password for an activity account. In most cases, there is a better alternative.

Administrators for a SEAS activity account can set the following passwords:

SEAS local (ENIAC login)
Google@SEAS (please contact CETS first)
MySQL (if enabled for the account)

To change the passwords for the activity account:

Visit the Manage Activity Account page.
Log in with your own PennKey, if prompted.
Enter the username of the activity account you want to manage.

You are now proxying as that account and can change the passwords using the SEAS local password or Change Mysql Password options in the lefthand menu.

Be sure to enable Two-Step Verification if you set the Google@SEAS password.

When you are finished:

Return to the Manage Activity Account page or click the Exit link at the top of the page.
Check the Switch back to (your account) box.
Click the Submit button to return to your own account.

How do I remotely log into the activity account?

If you are an administrator for an activity account, your PennName has been added to the account's Kerberos authorization file (.k5login). This allows you to access the account without a password, using kerberized client software.

Penn VPN software is required for all SSH connections from networks that are outside of PennNet.

Before connecting to a machine on PennNet via SSH from an external network, you must install and run the University Client VPN software:

University VPN Getting Started Guide

How do I log into the activity account from ENIAC?

For example, here is one way to access the command line of the activity account on eniac.seas.upenn.edu:

SSH to your account on eniac.seas.upenn.edu (replace username with your account name):

ssh username@eniac.seas.upenn.edu
Type kinit and enter your PennKey password (optional if you used your PennKey credentials to log into eniac).
Type klist to view your Kerberos ticket granting ticket and expiration (optional).
You can now SSH to any account you manage without needing a password (replace activityaccount with the activity account name):

ssh activityaccount@eniac.seas.upenn.edu

How do I log into the activity account from my own computer with Kerberos?

If your personal machine has Kerberos support, you can directly access the activity account once you have obtained a Kerberos ticket granting ticket.

For example, on Linux or MacOS, type the following commands in a terminal (replace username with your own account and activityaccount with the name of the activity account):

kinit username@UPENN.EDU
ssh -o "GSSAPIAuthentication yes" activityaccount@eniac.seas.upenn.edu

How do I log into the activity account using a password?

It is also possible to log into the account interactively using the account's SEAS local password, if it has been set following the instructions at the top of this page. Be sure to share the password securely and reset it when sharing is no longer desired.

How do I get access to an activity account?

If the instructions on this page do not work for you, it probably means you have not been designated an administrator and added to the activity account's .k5login file. The first step is to request access from the registered contact of the activity account or your supervisor, who can contact CETS with a request to grant you access. If you do not know who the contact is, please contact CETS with your request for access. CETS will ask the registered contact for authorization before you are granted access.