Service Accounts use with the Scientific Computing Linux Clusters

Service accounts may be used with the Scientific Computing (SciC) Linux Clusters as described in the Use Cases sections

Request a New Service Account

On the Service Now catalog

  • Search for Network logon (request).
  • Select 'Service/generic account (Network logon/request)'
  • Select the appropriate site
  • Fill in the requested details.

After you get the account created in Service Now please contact hpcsupport@partners.org to have it setup in the system.

Use Cases

Data Transfer and Backup

For running scheduled / automated data transfer tasks to copy files between the SciC Linux Clusters and other servers or run backups

Web Applications

For running web applications that reside on SciC Linux Clusters virtual machines

Running computational jobs

If you have adopt-a-node resources on SciC Linux Clusters then a service account can be attached to your SciC Linux Clusters group for running computational jobs on your adopt-a-nodes.  Service accounts cannot use the general pool of compute nodes.

Authentication Tokens   

For automated data transfer tasks where your Mass General Brigham credentials are required (for example, transferring a backup to MAD3) the credentials of the service account may be stored in an encrypted "keytab" file which is used in place of a plain text password.  Create a keytab file (for service accounts only) using the kutil tool, replacing "abc123" with the name of your service account, as follows:

$ ktutil

ktutil: add_entry -password -p abc123 -k 0 -e arcfour-hmac
Password for abc123@PARTNERS.ORG:
ktutil: write_kt abc123.keytab
ktutil: quit

Having created the keytab file (named abc123.keytab in this example), include this line in your LSF job file to access the credentials:

kinit -k -t abc123.keytab abc123@PARTNERS.ORG

The keytab file will need to be regenerated every 90 days when the service account password is changed

Go to KB0034113 in the IS Service Desk

Related articles