• About us
• Job Offers
• Events
• Research
• Teaching
• Theses
• Publications
• Software
• Cooperation Partners
• People
• Contact

• Internal

FAQ for local users

Please make sure to read (and understand) the contents of this document before hassling the system administrators. However, in the case of a suspected malfunction, a security problem or an imminent collapse of the sky (and/or our building) do not hesitate to send an email to admins@cdc.informatik.tu-darmstadt.de. Please note that system administrators in general prefer e-mail(s) over phone calls and "brief" office visits. We are no exception.

Remote Access

Remote logins

Remote logins onto the Solaris and Linux machines are only possible using the Secure Shell Protocol. All plaintext protocols such as Telnet, rshell/rlogin/rexec are disabled.

File transfers

We do not support FTP. Please use Secure Copy (scp) or Secure FTP (sftp) instead. Secure FTP logins are only supported on the Linux machines at the moment.

Alternatively, if a sub-directory NT-home within your home directory exists, you can access its contents via SMB from within our internal network through our Samba server samba.cdc.informatik.tu-darmstadt.de. Please note that SMB transferred data is not encrypted on the wire and thus prone to interception.

E-Mail

Setup

Mails can be retrieved using either IMAP or POP3. It is strongly recommended to enable transport layer security (TLS/SSL). In the near future, support for unencrypted connections will be completely disabled. A quota of 1 Gigabyte mail storage per user is enforced on the server. You will be warned (by email) if you get close to the quota. However, once the quota limit is reached, mails to your account will be bounced.

Mail spools in /var/mail are deprecated. This means that if you previously read your mails using a command line reader such as pine or mutt, you can still read your mails via IMAP, but you need to adjust your configuration file accordingly. Deleting your configuration file (.pinerc or .muttrc respectively) will provide sane defaults for IMAP access. Elm is no longer supported - although IMAP patches for Elm exist, they are very sketchy and unstable. Those of you accustomed to reading their mailspool using less: you now need to make use of fetchmail to get the same cozy feeling.

Mail filtering using Sieve

Server-side filtering of incoming mail is supported by means of a filter implemeting the Sieve filtering language (RFC 3028). Sieve scripts can be created and edited using a web interface. Alternatively, the sieveshell command or built-in Sieve functionality in some mail clients (such as KMail, Mulberry or the Thunderbird Sieve extension) can be used to modify scripts. The latter mechanism however is not officially supported and is only allowed from within the internal CDC network. Caveat: sieveshell is not installed on the machines in the Solaris network.

Placing a .sieve file into your home directory will no longer work; you have to use one of the above methods!

Printing

Printing System

We're using the Common Unix Printing System (CUPS) to give our users networked access to our printers. Our CUPS server can be reached at the following address:

You can also look at the status of all printers or the CUPS manual.

Maintained systems

On the offically maintained boxes, the printing system comes pre-configured. Here you can use the command printers to obtain a list of all printers, and the following modifiers on the print queues (several equivalent modifiers may be listed per line, these are then seperated by a comma):

modifier	effect
2up	scale and rotate pages such that 2 logical pages fit onto a physical page
dup, duplex	print duplex: print onto both sides of the sheet
one, sgl, single	single-sided printing. this should work even when the postscript contains statements for duplex printing.

Virtual Private Network

For mobile users our research group operates an OpenVPN gateway into our internal network. This access method is usable over both the access points broadcasting the SSID CDC and the SSID hrz, which means you can use it campus-wide. Using the OpenVPN gateway instead of the HRZ VPN gateway gives you full access to all of our internal resources, including to the printers. Please be advised to double-check printer settings when printing from off-site locations. After all, you probably don't want to have your bank statements printed in the lab when being at home.

For authorization, your laptop needs to identify itself with an X.509 server certificate. You will then be given the same IP that you were to get from our DHCP server for your wired network card. The server certificates can be obtained from Erik Tews or Ralf-Philipp Weinmann. Please be advised that the condition for being allowed to operate this gateway campus-wide was a mandatory retention; this was mandated by our HRZ. The connection log files will be kept for 90 days.

Switching between wired and wireless access (via the VPN gateway) will cause our network gateway to see the same IP address to be associated to two different MAC addresses. After a switch, you will not be able to get access to any resources outside of the CDC network for approximately 5 minutes. You can circumvent this delay by sending a ICMP echo packet (ping) to gate.cdc.informatik.tu-darmstadt.de.

Wiki

Our internal Wiki requires a valid certificate in the name space

issued by the RBG CA. This Wiki can only be accessed by associates of our research group, not students. Roswitha Jaeger-Beck and Erik Tews are the contact persons for the enrollment process. The PKCS#12 files containing the key encrypted with the user-chosen password will be transferred by email after the enrollment is complete.

Physical access to the premises

Our department uses so called "Transponders" (black key fobs shaped like Hockey pucks, but much lighter) for controlling physical access to the building and the offices. For students writing their Diplom, Master or Bachelor thesis and students working on a lab session, the advisor can send the serial number of the Transponder(s) as well as the corresponding name(s) and matriculation number(s) to transponder@cdc.informatik.tu-darmstadt.de. Our secretary will then sanity check and forward this request to the appropriate contact in the RBG. Please note that a termination or suspense of your account will also cause a revocation of your Transponder privileges to our offices and/or the lab.

Do not open the Transponder (the battery may fall out, then it needs to be re-programmed). Do not submerge it into liquids (there's a reason why we have to point this out - please do not ask about it).