HPC @ Uni.lu

High Performance Computing in Luxembourg

Migration to IPA

At the occasion of the last maintenance of the iris cluster, we have migrated the user accounts historically managed by an OpenLDAP system toward IPA It will bring increased security in the management of user identity policies, while bringing more flexibility for you in the management of your account.

After the successful import of the existing accounts from LDAP to IPA, we have made a tremendous work and careful review of each account attributes (including SSH keys, contact details, GECOS, organization units etc.) to sanitize the IPA user base, and new access policies have been enforced:

  • the SSH access to the iris cluster is granted for the public keys configured within your IPA account.
    • in particular, any key configured in your local .ssh/authorized_keys are not relevant any more, except for connection between the computing nodes (i.e. when used in collaboration with SLURM tools)
  • By default, your passwords have been migrated in pre-hashed format and need to be upgraded toward Kerberos keys. This can only be done upon presentation of the password thus all migrated users will have to login on the new account portal (you should have received the URL) before they can use their accounts.

Once migrated, you can use the portal to manage your account, including to reset your password and/or add new SSH keys.

Here are instructions/guidelines for the most common actions you will likely wish to handle through this portal:

  • Login on the IPA Web UI: use the URL communicated to you by the UL HPC team
  • Change your password: Once loggued, click on the “Actions” menu (top buttons) and select ‘Reset Password’
    • Enter your Current Password, the New Password (twice) and select ‘Reset Password’
  • Update your SSH key: on the right panel, under the ‘SSH public keys’, you can either:
    • “Delete” existing keys
    • “Add” new public keys, in which case just copy/paste it in the popup and click on ‘Set’