[simple]
[plain]
This page summarize possibilities of authentication alias verification of user identity in MetaCentrum.
MetaCentrum covers hundreds of computational machines and the other services as web portal, network file systems or RT system. All the things need authentication. Different ways of authentication are sufficient for different events.
Base of authentication is created by the Kerberos system. The main thing from users point of view is that you have the same password everywhere in MetaCentrum. MetaCentrum administrators do not know users password and if you forget your passsword you must follow the instruction on the page Password change.
You can use digital certificate instead of Kerberos password to enter to internal section at portal. It's more comfortable to use. Digital certificates verify the identity in the most properly way of all methods that's the reason why we use verification with certificate at the others services where we must be sure about user identity.
The secret key belongs to the digital certificate and you have to protect it as good as you can. USB tokens serve to very strong protection of secret key. The tokens are special cryptographic devices which are available to connect throught USB port to every PC. Secret key can't be separate outside; encrypt operations run inside the token.
In case you want to set for a journey you may appreciate possibility of using One Time Password generated in mobile phone. Using this you can effectivelly protect eavesdropping in enemy environment, eg. Internet cofee-bar.
In case you are on the road your access to MetaCentrum machines may be blocked. In several cases may help to create (Virtual Private Network - VPN). You get IP adress to you machine from MetaCentrum range.
During the trip with notebook throught academic place of work in whole Europe you can get the wi-fi access to the Internet throught federation EDUROAM into which is also the CESNET and the SCB at Masaryk university connected