This page summarize possibilities of authentication alias verification of user identity in MetaCentrum.
MetaCentrum covers hundreds of computational machines and the other services as web portal, network file systems or RT system. All the things need authentication. Different ways of authentication are sufficient for different events.
Base of authentication is created by the Kerberos system. The main thing from users point of view is that you have the same password everywhere in MetaCentrum. MetaCentrum administrators do not know users password and if you forget your passsword you must follow the instruction on the page Password change.
You can use digital certificate instead of Kerberos password to enter to internal section at portal.
The CESNET CA provides PKI services for the Czech academic community. The certificates are issued to employees and students of Czech universities, Czech Academy of Sciences, and any organizations cooperating with these entities in the practice of research, educational and administrative functions as well as computers and application services operated by these organizations.
Services provided by the CESNET CA are described in certificate policies and Certificate Practice Statement CESNET CA available in the chapter Certificate Policies and Certificate Practice Statement.
CESNET CA provides the following services:
TCS Personal Certificates and Personal Grid Certificates are available throught eduID.cz web portal.
In case you want to set for a journey you may appreciate possibility of using One Time Password generated in mobile phone. Using this you can effectivelly protect eavesdropping in enemy environment, eg. Internet cofee-bar.
In case you are on the road your access to MetaCentrum machines may be blocked. In several cases may help to create (Virtual Private Network - VPN). You get IP adress to you machine from MetaCentrum range.
During the trip with notebook throught academic place of work in whole Europe you can get the wi-fi access to the Internet throught federation EDUROAM into which is also the CESNET and the SCB at Masaryk university connected
In case of access to the machine via command ssh (in MS-Windows PuTTy) It is neccessary to verificate identity of connected machine otherwise the attacker can redirect the communication somewhere. To verify the machine you need to know ssh keys of MetaCentrum machines. You can find their list at machine skirit.ics.muni.cz in file /etc/ssh/ssh_known_hosts. You have to know skirit ssh key to reach this file safe. That is why the copy of this file available on this portal througth SSL: https://meta.cesnet.cz/ssh_known_hosts