September 12, 2023
Service accounts may be used with the Scientific Computing (SciC) Linux Clusters as described in the Use Cases sections
Request a New Service Account
On the Service Now catalog:
- Search for Network logon (request).
- Select 'Service/generic account (Network logon/request)'
- Select the appropriate site
- Fill in the requested details.
After you get the account created in Service Now please contact hpcsupport@partners.org to have it setup in the system.
Use Cases
Data Transfer and Backup
For running scheduled / automated data transfer tasks to copy files between the SciC Linux Clusters and other servers or run backups
Web Applications
For running web applications that reside on SciC Linux Clusters virtual machines
Running computational jobs
If you have adopt-a-node resources on SciC Linux Clusters then a service account can be attached to your SciC Linux Clusters group for running computational jobs on your adopt-a-nodes. Service accounts cannot use the general pool of compute nodes.
Authentication Tokens
For automated data transfer tasks where your Mass General Brigham credentials are required (for example, transferring a backup to MAD3) the credentials of the service account may be stored in an encrypted "keytab" file which is used in place of a plain text password. Create a keytab file (for service accounts only) using the kutil tool, replacing "abc123" with the name of your service account, as follows:
$ ktutil
ktutil: add_entry -password -p abc123 -k 0 -e arcfour-hmac
Password for abc123@PARTNERS.ORG:
ktutil: write_kt abc123.keytab
ktutil: quit
Having created the keytab file (named abc123.keytab in this example), include this line in your LSF job file to access the credentials:
kinit -k -t abc123.keytab abc123@PARTNERS.ORG
The keytab file will need to be regenerated every 90 days when the service account password is changed