Frequently Asked Questions about authenticating through the PPPL Firewall

Updated 7/21/2005


Question #1: Do I have to read all that stupid documentation!#!?

Answer: No. Just point your browser here (http://auth.pppl.gov), authenticate with your SecurID, and go...


Question #2: I did what it says and I can't get it to work!

Answer: If you can't get it to work using the https method, try connecting here (http://gfw-esnet.pppl.gov:900) instead. If this fails, try to telnet to port 259 at gfw-esnet.pppl.gov (telnet gfw-esnet.pppl.gov 259). If you're still stuck, call the helpdesk (x2275). Please record your IP address and the time at which the problem occurred.


Question #3: I've used my SecurID before, but it doesn't work now!

Answer: If you haven't used it in a while, it may be out of sync with the authentication server. If you enter the wrong SecurID PIN and/or number more than three times, you will get locked out and your SecurID badge will no longer work. You can use P-Sync to either resync your tokencode or generate a number of "emergency" codes. P-Sync is located at http://password.pppl.gov/ or refer to http://access.pppl.gov/p-sync for details.


Question #4: I seem to authenticate just as the directions suggest, but then I can't connect?

Answer: It's possible that you're using a proxy server. In that case, the firewall authenticates your proxy server's IP address and not your own. This can happen to people who have cable modem connections as well as under other circumstances. To fix this, look under the Netscape preferences menu and select direct connection to the internet. With Explorer, there is a similar setting under Tools/Internet Options/Connections/LAN Settings. Uncheck the box which says "Use a proxy server".


Question #5: Do I need to authenticate when I come into the lab through the lab's modem banks?

Answer: You do not need to authenticate when using the lab's modem banks.


Question #6: Why do I need to use SecurID when I only use https to authenticate? Shouldn't that protect my username and password from network sniffers?

Answer: No. The problem is not that the connection to the firewall is exposed, but that many people use the same username and password pair in other ways that do expose them to hackers. The use of a one-time, non-reusable password system is one of the best ways to ensure a high level of protection against stolen passwords.


Question #7: I'm having X-terminal troubles. I seem to be able to authenticate, but then I can't get a window to show up on my X-terminal?

Answer: X-terminals can be used in many ways, and the problem is likely to be that you've not authenticated the node to which the window is actually being written. The best way to work if you're off-site is to run a window manager locally and then use ssh to reach the PPPL node that you'd like to work on. The X-traffic back to your X-terminal will then go through the ssh channel and everything should work fine.

If you're still having problems even after switching to ssh, it may be because your DISPLAY variable is not set properly. As an example, if you're working on orion and you type echo $DISPLAY, it should say something like orion.pppl.gov:xx.0 where xx is 10 or greater. If it doesn't say orion, this may be causing problems. You should look through the various startup files (.cshrc, .bashrc, etc.), find where the DISPLAY variable is set, and remove that setting. You should let ssh handle the DISPLAY variable. Users shouldn't be trying to set it in their startup files.

It's hard to guess at all the possible combinations that people can come up with using X-terminals, so if you're still having problems after reading this, send an e-mail to unixadmin@pppl.gov describing when you tried and had problems, and include as much information as you can about what nodes you were using (i.e. what the IP number of the X-terminal is, what the IP number of the window manager is, and any other information that you may have about what you were trying to do). Again, please tell me WHEN you tried and failed.
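
The two DISPLAY checks from the answer to Question #7, as an added shell example (not PPPL's own tooling): it tests whether a DISPLAY value carries a display number of 10 or greater, and lists the startup-file lines that set DISPLAY. The function names are hypothetical and the startup files are constructed samples written to a temporary directory.

```shell
#!/bin/sh
# Added example: checks for a DISPLAY value that ssh did not set.

# Print the X display number from a value like host:NN.S; fail if malformed.
display_number() {
    case "$1" in *:*) ;; *) return 1 ;; esac
    n=${1##*:}          # "orion.pppl.gov:10.0" -> "10.0"
    n=${n%%.*}          # drop the optional ".screen" suffix -> "10"
    case "$n" in ''|*[!0-9]*) return 1 ;; esac
    printf '%s\n' "$n"
}

# Succeed only if DISPLAY looks like one ssh assigned (display number >= 10).
is_ssh_display() {
    n=$(display_number "$1") || return 1
    [ "$n" -ge 10 ]
}

# List file:line:text for every line that assigns DISPLAY (sh or csh syntax).
# Commented-out lines are ignored. /dev/null forces grep to print file names.
find_display_overrides() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        grep -nE '^[[:space:]]*((export|setenv)[[:space:]]+)?DISPLAY[[:space:]=]' \
            "$f" /dev/null || true
    done
}

# Constructed sample startup files, so the example runs without touching $HOME.
make_samples() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'set prompt="% "' 'setenv DISPLAY myxterm:0.0' > "$dir/.cshrc"
    printf '%s\n' '# export DISPLAY=old:0' 'alias ll="ls -l"' > "$dir/.bashrc"
    printf '%s\n' "$dir"
}

samples=$(make_samples)
for d in orion.pppl.gov:10.0 myxterm:0.0; do
    if is_ssh_display "$d"; then echo "$d: set by ssh"
    else echo "$d: not an ssh-forwarded display"; fi
done
find_display_overrides "$samples/.cshrc" "$samples/.bashrc"
rm -rf "$samples"
```

To check a real account, pass "$DISPLAY" to is_ssh_display and your own startup files to find_display_overrides.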