request.dl.ac.uk

Passwords and authentication

The Systems Group has a central LDAP authentication system which we use for all our machines. This is in order to reduce the number of passwords that users will need to remember. However there are three different authentication tokens which users may need to hold.

1. The Unix password. This is the main password, used to log into service machines. This password can be changed using the passwd command on a service machine, or reset using the online password changer at http://request.dl.ac.uk/password.
2. The rt password. These are automatically generated by rt and emailed back to the user. The only use for these is logging into rt to find out the status of your requests. We have separate Unix and rt passwords partly because the rt passwords are emailed in the clear, and partly because we want to accept requests from anywhere, regardless of whether the sender is in our authentication system. To request a new rt password, please email general@request.dl.ac.uk.
3. Grid certificate. We use these to authenticate a user when they set their Unix password. The process of getting a certificate leaves it installed in the user's browser, so the authentication on setting the password is completely transparent.

Getting a grid certificate

A quick summary of the Grid Support Centre's documentation on getting a grid certificate, for dl staff:

• Accept the Grid Support root and CA certificates by going to http://ca.grid-support.ac.uk/pub/certs/escience-root.cer and http://ca.grid-support.ac.uk/pub/certs/escience-ca.cer.
• Fill in https://ca.grid-support.ac.uk/cgi-bin/pub/pki?cmd=basic_csr&CSR_PROFILE=PERSON, remembering to set the RA to 'CLRC DL'.
• Go to see Dr. Xiao Dong Wang in A46, with a photocopy of your ID card.
• Wait for the confirmation email and click on what it tells you to click on.

The online password changer is our recommended method of resetting passwords. If you can't use that for whatever reason, please get your password by contacting a member of the Systems Group.

Further documentation

• Adding new users to LDAP