In May 2020, several supercomputers in Europe were attacked by hackers. They used compromised accounts of users on external systems. To prevent such attacks, the introduction of multi-factor authentication on the HPC cluster is an important step.
Last year, the pilot phase for multifactor-authentication was successfully carried out on a login node of the HPC cluster. From January 15, 2024, MFA will be introduced on a mandatory basis, meaning that access to each dialog/frontend node will only be possible with a second factor.
If you have not yet set up MFA for your HPC account in the RegApp, you can easily do so with our step-by-step guide.
In order to provide you with the best possible support in setting up and to answer your questions, we offer short online consultation hours on three dates. You can find all information about the events below on the IT Center event page:
Friday, January 12, 2024 ► 1pm – 1:30pm
Monday, January 15, 2024 ► 3:30pm – 4:15pm
Monday, January 22, 2024 ► 10am – 10:45pm
In our last blog post on the topic of “Protecting the HPC Account with MFA”, we provided you with all the information you need about multifactor-authentication in the RegApp. You can select the smartphone token as your preferred token variant. The TAN list, on the other hand, serves as a backup. If you have activated MFA, you will be asked for the second factor every time you try to log in. Please note that the generated tokens are only valid for your HPC account in the RegApp and not for your account in the IdM Selfservice.(*) If you want to avoid having to enter it all the time, you can create a secure shell key pair and link it to your account. You can find out how to integrate an SSH key into your HPC account on IT Center Help.
If you have any further questions, you can visit our monthly digital HPC consultation hour.
Responsible for the content of this article are Tim Cramer und Janin Iglauer.
Puh. HOTP für IdM (für VPN), RegApp (für HPC) und noch einmal für ADAM. Mit einem einzigen Hardware-Token nicht mehr unbedingt machbar leider. Aber da kann man wohl nichts machen.
Hallo Jakob,
vielen Dank für deinen Kommentar!
Wir geben dein Feedback gerne an die zuständigen Stellen im IT Center weiter.
Viele Grüße
Das IT Center Blog Team
Vielleicht sollte man hier nochmal darauf hinweisen, dass die in der RegApp konfigurierten Token aussschließlich mit den HPC Accounts nutzbar sind und nichts mit denen zu tun haben, die im SelfService (für SSO und VPN) konfiguriert werden können…
Hallo Thorsten, danke für deinen Hinweis.
Wir haben diesen im Beitrag ergänzt und hoffen, dass es zu keinen Irritationen hinsichtlich der verschiedenen Token kommt.
Das IT Center Blog Team