HPSS Mass Storage
Accounts
HPSS Charging (SRUs)
HPSS Passwords
Accessing HPSS Batch Jobs
Project Directories
Sleepers
Usage examples Announcements
For New Users HPSS Statistics
Printable HPSS Docs
Related Information
HPSS Software DownloadsHPSS Collaboration
HPSS Passwords
After September 9, 2008 NERSC HPSS will be in a transitional period where passwords for the two HPSS systems, hpss.nersc.gov (the regent or backup system) and archive.nersc.gov (the user system), are handled in different ways. See below for details on the two systems:
At some point in the future archive.nersc.gov will be upgraded to behave the same as hpss.nersc.gov.
Password instructions for archive.nersc.gov
archive.nersc.gov uses the Distributed Computing Environment (DCE) for user authentication. DCE accounts are currently handled separately from other NERSC accounts.
Your DCE username, which is the same as your NERSC username, is known as your "DCE Principal."New or Forgotten Passwords
If you are getting a new HPSS account or forget your HPSS/DCE password contact NERSC Support at 1-800-66-NERSC, option 2, or (510) 486-8612 to get your password reset.
The password you receive from NERSC Account Support is temporary and must be changed before you access HPSS. Follow the procedure described below for changing your password.
Changing Your HPSS Password
You change your HPSS/DCE password by using ssh to connect to the NERSC Authentication Server, "auth.nersc.gov", and following the next example.
You will need to know a special login/password pair to log onto the authentication server, "auth.nersc.gov". This information can be obtained by logging onto any NERSC machine and typing the command:
% module help WWW
Note that this special login/password pair is only for initial access to the authentication server and is not to be confused with your HPSS/DCE username and password. To change your password do:
% ssh auth.nersc.gov -l {special login}
Enter Password: {special password}
[auth]: chpass
DCE Principal: your_HPSS_user_name
Enter Password: your_HPSS/DCE_password
New Password: new_HPSS/DCE_passwd
Re-enter new Password: new_HPSS/DCE_passwd
% exit
Note: The above example is similar, but not identical to the procedure used to generate the encrypted identity combo strings needed for FTP access to HPSS; to learn more about that matter, go to the PFTP/FTP Authentication web page.
For more general info on DCE technology, see the DCE web page.
Password instructions for hpss.nersc.gov
The hpss.nersc.gov system, also known as "regent" or "hpss", uses NIM and the NERSC LDAP server for user authentication of HPSS sessions. Your NIM username is your HPSS account and you will use NIM to set a separate password for use with HPSS.
The password does not currently expire and users may generate new passwords as often as they wish. Old passwords will still be honored. If a user wishes to reset their passwords or ensure all previously generated tokens are invalid for security reasons, they should contact NERSC User Services and request that their account be security disabled. This will initiate the process of ensuring that all previously generated HPSS passwords are no longer valid.
Because HPSS passwords do not expire, it is only necessary to generate a password one-time for continued use of HPSS. This password may be placed in a .netrc file for use by HSI, HTAR, pftp, and most FTP clients to prevent the username/password challenge.
Accessing HPSS from a system on the NERSC network
Log into NIM and select "Generate an HPSS token" from the "Actions" menu. For an example, see the screenshot below:
This will provide you with a password, an encrypted string, in the blue highlighted box that may be used by the user on any machine in the NERSC network by any supported HPSS client (e.g. FTP, pftp, HSI, or HTAR). See below for screenshot showing generated token.
Below the blue highlighted box you are also provided with a sample .netrc file with your updated password. Creating a .netrc as shown and placing it in your home directory will enable pftp, HSI, HTAR, and some FTP clients to read it upon starting a new session to HPSS and avoid username/password challenge. The screenshot below shows RIGHT HERE
Accessing HPSS from a system outside the NERSC network
To generate a string for access to NERSC HPSS from outside the NERSC network, log into NIM and select "Generate an HPSS token" from the "Actions" menu. Ignore the password provided and select "Please use this link to specify a different IP address". Then enter the IP address of the system you wish to connect to HPSS from. Note, that it prefills the box with the IP address that the browser is running on and this may not be the system you intend to access HPSS from. Enter the correct IP address and select "Generate Token". See the screenshot below showing the screen to enter the IP address:
This will provide you with a password, an encrypted string, in a blue highlighted box that may be used by the user on any machine within the same class C network as the IP address provided. You may place the encrypted string in a .netrc file for HSI or HTAR to read. This will avoid username/password challenge. A sample .netrc file with your correct password is provided below the blue highlighted box.
