Skip to Content.
Sympa Menu

sphenix-l - [Sphenix-l] RCF webmail upgrade and MFA - please read

Please Wait...

sphenix-l AT lists.bnl.gov

Subject: sPHENIX is a new detector at RHIC.

List archive

Chronological Thread  
  • From: pinkenburg <pinkenburg AT bnl.gov>
  • To: "sphenix-l AT lists.bnl.gov" <sphenix-l AT lists.bnl.gov>, PHENIX Current Participants <phenix-p-l AT lists.bnl.gov>
  • Subject: [Sphenix-l] RCF webmail upgrade and MFA - please read
  • Date: Sat, 28 Mar 2020 12:22:56 -0400

Hi folks,

as of April 15th the DOE requires that external access to imap (which is how we access rcf emails) has to use multi factor authentication (MFA). This will be somewhat disruptive and rcf has been working on mitigating this (this is not the end of rcf mail). Given the current circumstances there hasn't been a lot of discussion and/or clarification how this is going to work exactly.

What does this mean for us (rcf mail users)?

Inside BNL (means if you are on the internal network like on a plugged in desktop) nothing changes. Users who use outlook with the BNL office 365 email are also not affected. Our mailing lists are not affected and your ability to send mail.

The change to webmail (https://webmail.rhic.bnl.gov) is minor and it will go first as announced here. It will use Google Authenticator for MFA and you will see a QR code on your first login. It'll be upgraded to this on March 30th, MFA will be enforced April 6th - please use this time window to see that this works for you. This will work even if you have problems reading mails via an email client.

For email clients (e.g. thunderbird) the problem is that MFA for imap is not really supported yet. To access imap externally you can use either vpn or an ssh tunnel (which many of us who work with rcf do anyway). The instructions are - as mentioned in the announcement - under

https://www.phy.bnl.gov/computing/index.php/RCF_Email_MFA

To use vpn you need a BNL domain account which is largely for BNL employees. The ssh tunnel needs an rcf account (which all rcf mail users have) and you need to log into an rcf gateway (rssh.rhic.bnl.gov) and set up the tunnel:

ssh -L 1993:mail.rhic.bnl.gov:993 <user>@rssh.rhic.bnl.gov

I tried it just now, I switched thunderbird on my laptop to use localhost and port 1993 in the server settings for my rcf email and I am using this right now. I see this as the preferred way but it means you have to be able to log into your rcf account. Now is probably a good time to get this to work (remember the password change last year - not everyone has done that and you'll need to file a ticket to have it changed)

As mentioned in the instructions there will be more convenient ways in the future since email clients will evolve to support MFA but sadly the April 15th deadline is mandated and we have to make the best out of it. But again - this is not the end of rcf mail service.

I set up a public channel in mattermost (PHENIX and sPHENIX together, there is no point having this separately) for questions:

https://chat.sdcc.bnl.gov/phenix/channels/rcf-email

If you don't have access to your rcf account I'll send you an invite (but then the first order of business will be to get your rcf account up and running since you will need it to access your emails via a mail client)

Chris





-------- Forwarded Message -------- Subject: [Rhic-rcf-l] RCF webmail upgrade and MFA Date: Thu, 26 Mar 2020 16:24:57 -0400 From: RACF Computing Facility Staff <announce AT rcf.rhic.bnl.gov> To: rhic-rcf-l AT lists.bnl.gov

Department of Energy (OCIO) requires that all external access to email should be protected by multi-factor authentication by April 15th 2020. Due to this, users logging into the new webmail server will be required to setup multi-factor authentication.

RCF webmail - https://webmail.rhic.bnl.gov will be upgraded on 03/30/2020 at 10am. Multi factor authentication will be enforced on 04/06/2020 for webmail for all users.

As IMAP protocol does not natively support multi-factor authentication, after April 15th 2020, access to external IMAP clients (thunderbird,bluemail,outlook) will not work and you will need to use BNL VPN or SSH tunnels to access email. Access to IMAP clients on BNL campus networks will continue to work as it is working currently.
If you have difficulties reading email following the DOE-mandated changes, please check this website for updates or submit a RT ticket.
https://www.phy.bnl.gov/computing/index.php/RCF_Email_MFA


--
This message has been forwarded from the RACF announcements page.
Recent messages are available at:
https://www.racf.bnl.gov/Facility/RACFNews/announce.html
_______________________________________________
Rhic-rcf-l mailing list
Rhic-rcf-l AT lists.bnl.gov
https://lists.bnl.gov/mailman/listinfo/rhic-rcf-l


  • [Sphenix-l] RCF webmail upgrade and MFA - please read, pinkenburg, 03/28/2020

Archive powered by MHonArc 2.6.24.

Top of Page