spear AFS AccountThe spear AFS account is used to start/kill standalone processes on connie and beldar including PV gateway, ALH, iocLogMsgServer, Channel Watcher, iocConsole, and Unix soft IOCs. This account is "password-less" to prevent password-sharing. For more detail on SSH and AFS at SLAC, see Secure Shell (SSH) at SLAC, SSH and Shared Accounts, and the SLAC AFS Users' Guide.
Adding a New AFS UserThe owner of the spear account Stephanie or Ken must:
The new user can now ssh into the spear account without entering a password. From unix:
- Add the new user to the spear:spear AFS group as follows:
pts adduser -user <user_name> -group spear:spear
- Once the user is added to spear:spear, within 5 minutes, an automatic program is run that will add the user to ~spear/.k5login. Note that any manual edits to .k5login will be deleted within minutes so don't try it.
- Add the email address of the new user to ~spear/.forward if the new user needs to run cron jobs under spear and wants to receive email about problems with the jobs.
ssh -l spear <connie, beldar, remulak>
If you are unable to ssh into the spear account, check that your AFS token is valid. To obtain an AFS token, type kinit if it's been over 24 hours since the your last login. Also, once you ssh as spear, you retain your own token and not a spear token (ie, any files created in spear space will be owned by you, not spear).
Allowing a New User to Login to a SPEAR AFS Unix MachineStephanie or Ken enters the following command on a slac public machine:
/usr/local/bin/netgroup_adm adduser -group u-spear-servers -user <user_name>
Wait up to 30 minutes to see the change take effect. To see the current list of allowed users, login to a slac public machine like rhel6-64 and enter:
SPEAR EPICS | EPICS Home | SPEAR Home | ICD Home | SPEAR Sharepoint | SSRL Computing/Networking | SSRL Home | SLAC Computing | SLAC Networking | SLAC Home
Contact: Stephanie Allison
Last Modified: Jul 1, 2015