GSSAPI (Kerberos) Access to Helix and Biowulf

GSSAPI is an authentication interface supported by Microsoft Windows, MacOS, Linux, BSD and many other operating systems and software packages. This interface is enabled for the following services on our systems:

If you use an NIH-operated Windows workstation, your system is already configured to make use of GSSAPI-enabled clients. If you use MacOS or Linux, please refer to our simple Kerberos/GSSAPI Workstation Configuration Guide for instructions on getting your workstation to use the NIH.GOV domain.

Supported Clients

The following is a non-exhaustive list of clients that can be used to gain GSSAPI/Kerberos (passwordless) access to various Helix services (including Biowulf).

Windows (Vista/Windows 7)

Individuals who use their NIH-issued PIV card or NIH.GOV password to log in to their workstation will have GSSAPI access to Helix/Biowulf using:

The SSH client needs to be configured to use GSSAPI. In both cases, it's a single configuration item; see the client documentation for instructions on enabling GSSAPI. Individuals who use hpcdrive.nih.gov to map network drives will not be prompted for a password when accessing their network shares while logged in to the domain.

MacOS

MacOS workstations that are configured for the NIH.GOV domain, or are configured to use PIV cards for login, will have GSSAPI access to Helix/Biowulf using:

If your workstation is correctly configured to use the NIH.GOV domain, each of these clients should automatically use GSSAPI if it is available.

Unix, Linux, BSD, possibly others

Unix/Linux/*BSD workstations can be configured for the NIH domain per the Linux section of these instructions. Once that's done, the following clients can use GSSAPI to access Helix services: