March 7, 2022
Service accounts may be used with the ERISOne Linux Computing Cluster as described in the Use Cases sections
Request a New Service Account
On the Service Now catalog:
- Search for Network logon (request).
- Select 'Service/generic account (Network logon/request)'
- Select the appropriate site
- Fill in the requested details.
After you get the account created in Service Now please contact firstname.lastname@example.org to have it setup in the system.
Data Transfer and Backup
For running web applications that reside on ERISOne virtual machines
Running computational jobs
If you have adopt-a-node resources on ERISOne then a service account can be attached to your ERISOne group for running computational jobs on your adopt-a-nodes. Service accounts cannot use the general pool of compute nodes.
For automated data transfer tasks where your Mass General Brigham credentials are required (for example, transferring a backup to MAD3) the credentials of the service account may be stored in an encrypted "keytab" file which is used in place of a plain text password. Create a keytab file (for service accounts only) using the kutil tool, replacing "abc123" with the name of your service account, as follows:
ktutil: add_entry -password -p abc123 -k 0 -e arcfour-hmac
Password for abc123@PARTNERS.ORG:
ktutil: write_kt abc123.keytab
Having created the keytab file (named abc123.keytab in this example), include this line in your LSF job file to access the credentials:
kinit -k -t abc123.keytab abc123@PARTNERS.ORG
The keytab file will need to be regenerated every 90 days when the service account password is changed