How do I manage a SEAS activity account?
Administrators are listed in the activity account's Kerberos authorization
~/.k5login) in the format
pennname@UPENN.EDU (where pennname is a
valid PennKey username), one on each line. All listed administrators will be
able to remotely log into the account using kerberized clients. Administrators
with SEAS accounts are also able to proxy as the activity account in the SEAS Account Management
website to change various passwords, configure Google@SEAS and manage other
resources for the account.
How do I change passwords for an activity account?
To change the SEAS local (eniac login), Google@SEAS or MySQL passwords for the account:
- Visit the Manage Activity Account page.
- Log in with your own PennKey, if prompted.
- Enter the username of the activity account you want to manage.
You are now proxying as that account and should be able to change the passwords for it using the options in the lefthand menu. When you are finished:
- Return to the Manage Activity Account page or click the Exit link at the top of the page.
- Check the Switch back to (your account) box.
- Click the Submit button to return to your own account.
How do I remotely log into the activity account?
If you are an administrator for an activity account, your PennName has been
added to the account's Kerberos authorization file (
This allows you to access the account without a password, using kerberized
Penn VPN software is required for all SSH connections from networks that are outside of PennNet.
Before connecting to a machine on PennNet via SSH from an external network, you must install and run the University Client VPN software:
How do I log into the activity account from ENIAC?
For example, here is one way to access the command line of the activity
SSH to your account on
eniac.seas.upenn.edu(replace username with your account name):
kinitand enter your PennKey password (optional if you used your PennKey credentials to log into eniac).
klistto view your Kerberos ticket granting ticket and expiration (optional).
You can now SSH to any account you manage without needing a password (replace activityaccount with the activity account name):
How do I log into the activity account from my own computer with Kerberos?
If your personal machine has Kerberos support, you can directly access the activity account once you have obtained a Kerberos ticket granting ticket.
For example, on Linux or MacOS, type the following commands in a terminal (replace username with your own account and activityaccount with the name of the activity account):
ssh -o "GSSAPIAuthentication yes" firstname.lastname@example.org
How do I log into the activity account using a password?
It is also possible to log into the account interactively using the account's SEAS local password, if it has been set following the instructions at the top of this page. Be sure to share the password securely and reset it when sharing is no longer desired.
How do I get access to an activity account?
If the instructions on this page do not work for you, it probably means you
have not been designated an administrator and added to the activity account's
.k5login file. The first step is to request access from the
registered contact of the activity account or your supervisor, who can contact CETS with a request
to grant you access. If you do not know who the contact is, please contact CETS with your
request for access. CETS will ask the registered contact for authorization
before you are granted access.