Skip to content
R

RegApp Pilot

How-to and knowledge base for using the RegApp, a self-service tool for the RWTH compute cluster.

If questions arise that aren't covered by the pages on this wiki, please contact feedback-idm@itc.rwth-aachen.de.

Why RegApp?

The HPC Accounts at the RWTH Compute Cluster are moving to the RegApp to enable higher security measures when logging in, such as multi-factor-authentication. Starting this year, the RegApp will manage HPC user's service password and ssh-keys, and will offer multi-factor-authentication on a voluntary basis.

What Will Change?

In the first step, which encompasses migrating the RWTH Compute Cluster Accounts from the Self-Service to the RegApp, not much will change in day-to-day business. Logging in on most login nodes will remain the same as it has been. Only the login18-4.hpc.itc.rwth-aachen.de node will have two-factor authentication enabled. Other than that, the main difference will occur when changing the password associated with your HPC account: this functionality will now be located in the RegApp instead of the Self-Service.

What Is Multi-Factor-Authentication?

We all know what we need to access most websites: our username and password. With this pair of data, we authenticate ourselves: we tell the computer who we are (via the username) and then prove that we are who we claim to be (as we know the secret password associated with the username). However, this is not a very secure way of protecting resources or contents. Many people use the same username/password combination for several websites and may have their access information compromised when one of them is hacked, or have easily guessable passwords.

To shore up the protection, a second proof of identity may be required – another factor when authentication ourselves. Username/password is a factor of type knowledge: you authenticate yourself by proving you know something. Other types include possession (e.g., your state-issued ID, the key to your house, or a hardware token that is registered with your account) and inherence (something you are, e.g., fingerprints, face recognition, or looking like the picture printed on your state-issued ID), as well as location (e.g., some services may only accessible if you are in front of the physical computer, or if you are logged into a certain network).

Multi-factor-authentication (MFA) is the combination of at least two factors, ideally comprising different types. An example is the TAN used for internet banking – you first use username/password, and then have to enter a second code that is either generated in a TAN generator app on the smartphone, or with the card and an external TAN generator.

Does that mean once you have a second factor you can use the password password or 123456 (two of the most common passwords)? No! If you choose an insecure first factor, you are back down to only a single (reliable) factor to authenticate yourself with, and if that is lost, it might compromise your account.

Wiki Structure

Main

The Pilot Phase

RegApp

Login to RegApp

Logout from RegApp

RegApp Dashboard

Uploading an SSH Key

Adding 2FA Tokens to Your Account

Deregistering from RegApp

HPC Account

Registering the HPC Account

Setting the Service Password

Adding an SSH Key to your HPC account

Deregistering the HPC Account

Accessing The Cluster

Logging into CLAIX