The school ‘single signon’ system
The school has a 'Single Signon' (SSO) directory, which gives access to a number of school-wide resources.
As of early/mid 2018, this gives access to the undergraduate Linux machine brutha, the JupyterHub service, and new desktop installs. This directory also gives access to the ssh bastion login hosts, which are one of the ways you can log in to school machines..
There are various other sets of logins/accounts within P&A.
There are three different categories of accounts in this system: undergrad/GUID, staff/GUID and staff/local.
-
Undergrad/GUID: Essentially all P&A undergraduates will end up with an account on this system. This account has the same name as the GUID – thus
1234567x
– and the same password, which users manage on the campus GUID page. We aim to create accounts for all P&A undergraduates at the start of each session, but it's hard to do this reliably, so if you've been missed, you can self-enrol. -
Staff/GUID: All P&A staff and postgrads can claim an account on the SSO system. This account will have the same name as the GUID – thus
abc12x
– and the same password. Staff can self-enrol.We expect most new staff accounts, from now on, to be of this type.
-
Staff/local: these use a separate set of usernames, with local authentication. These are a replacement for the previous (and rather antique) login directory for ‘school unix’ accounts. Accounts of this type are all letters – thus
fredbloggs
. We expect most new staff accounts will be of the staff/GUID type, but there are various reasons why a staff/local account is reasonable – consult your local IT support people. For example, accounts for external collaborators, and others who don't have a GUID, will naturally be of this type. Staff who use school-unix systems may reasonably, but need not, have both a local account for school-unix research machines, and a GUID-style account for teaching purposes. Talk to Norman Gray if you need one of these accounts.
The GUID-based accounts use your GUID as the username, and authenticate using the campus GUID system, but they are nonetheless a distinct account from the campus-wide one. Most of the time, you shouldn't have to care about the difference, but the campus IT helpdesk, for example, doesn't know about these local accounts, and a fortiori doesn't support them.
On the SSO identity page, you can:
- examine your account details, including the list of user groups you are part of;
- reset the password for staff/local accounts;
- add an SSH key for logins
(the more usual keys in
~/.ssh
are only patchily supported).
The SSO identity service is only available on-campus (which includes using the VPN).