Difference between revisions of "Faq"

From Public PIC Wiki

Revision as of 13:57, 15 April 2026

How do I reset my password?

You can reset your password using the following link: https://www.pic.es/user/auth/forgotpw

Can an undergraduate student in my group have an account?

Yes. Undergraduate students can have PIC accounts without any problem.

How do I get a Kerberos token?

A valid token is needed to interface with some PIC services, like the Hadoop platform (HDFS, Hive, Spark, ...) or CTA. Tokens are issued for the machine on which they are requested; if you hop to another machine, you may need to get another token.

In order to get a token, run the following commands in a terminal. If you are on JupyterLab, use Launcher > Terminal.

kinit -n -c ~/.fast.ccache @PIC.ES
kinit -T ~/.fast.ccache

You could also define an alias for your own convenience:

alias kinit="kinit -n -c ~/.fast.ccache @PIC.ES; kinit -T ~/.fast.ccache"

Optionally, you can check the presence and expiration date of your token using:

klist

I lost access to my OTP, how can I reset it?

Follow these steps to recover your account and configure a new OTP token.

  1. On the Keycloak login page, click Forgot password / OTP.
  2. Enter your username. You should receive a recovery email in your inbox.
  3. Open the email and follow the recovery link.
  4. Scan the new QR code with your authenticator app.
  5. Enter the generated OTP code and a device name.
    • The device name is mandatory.
  6. Change your password when prompted.
    • This is required for security reasons.
  7. Log in again as usual.
    • On the OTP selection page, you will see two devices.
    • Select the device with the name you just entered.
    • The old one will usually appear as unnamed (if no name was set previously).

Afterwards, we recommend removing the old OTP factor from the user profile section.

What is the simplest way to avoid repeated SSH authentication?

The easiest way is to configure your SSH connection using ControlMaster, which allows multiple sessions to reuse a single authenticated connection.

On your client machine, edit the file ~/.ssh/config and add the following lines:

Host *
    ControlMaster auto
    ControlPath ~/.ssh/cm-%r@%h:%p
    ControlPersist yes

Instead of Host *, you can restrict this to a specific host, for example:

Host ui04.pic.es


Initiate the first SSH connection and authenticate via the provided URL. You will see something like:

$ ssh ui04.pic.es
(tallada@ui04.pic.es) Authenticate at https://idp.pic.es/realms/PIC/device?user_code=FPTB-HKEV and press ENTER.

Complete the authentication in your browser, then press ENTER. Once authenticated, the SSH connection remains open in the background, and you can safely close your terminal session. The connection will persist indefinitely (until the machine reboots or the network is interrupted).

Subsequent SSH connections to the same host will reuse the existing session and will not require authentication again:

$ ssh ui04.pic.es
Last login: Tue Apr 14 13:25:33 2026 from 10.212.134.205
[tallada@ui04 ~]$
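
Because the master connection persists in the background, any process that can connect to its control socket can open sessions over the already-authenticated connection, so it helps to know where the sockets live and how to close them. The script below is an added example, not part of the original wiki page: the function names and the CM_DIR variable are hypothetical, and it assumes the ControlPath shown above (sockets named cm-* under ~/.ssh); ssh -O check and ssh -O exit are standard OpenSSH control commands.

```shell
#!/bin/sh
# Added example: inspect and close persistent ControlMaster connections.
# Assumes ControlPath ~/.ssh/cm-%r@%h:%p as configured on this page, so
# control sockets are named cm-* and live directly under ~/.ssh.

# Succeeds only if the directory grants nothing to group or others
# (mode drwx------). Returns 2 if the directory does not exist.
cm_dir_is_private() {
    [ -d "$1" ] || return 2
    perms=$(ls -ldL "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Print the control sockets present in a directory, one per line.
# Only real sockets match; ordinary files named cm-* are ignored.
cm_list() {
    find "$1" -maxdepth 1 -type s -name 'cm-*' 2>/dev/null
}

# Ask the master connection for a host whether it is still running.
cm_check() {
    ssh -O check "$1"
}

# Tell the master connection for a host to exit, ending the persisted
# session; the next ssh to that host must authenticate again.
cm_close() {
    ssh -O exit "$1"
}

# Summarise one socket directory. Runs no ssh command itself.
cm_report() {
    if cm_dir_is_private "$1"; then
        echo "ok: $1 is private to its owner"
    else
        echo "warn: $1 is missing or accessible to group/others"
    fi
    n=$(cm_list "$1" | wc -l | tr -d ' ')
    echo "live control sockets: $n"
}

cm_report "${CM_DIR:-$HOME/.ssh}"
```

When you are done with a host, for example before leaving a shared workstation, run cm_close ui04.pic.es to end the persisted connection.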