ACNET Console User's Guide

Authorized users of the ACNET console system can run an ACNET Console Instance and have it display on any workstation which supports the X Window protocol. This includes Linux and Unix workstations, PC's with Cygwin-X or Exceed, and Macs with XQuartz.


In order to run an ACNET console on your desktop, you need to have an account on the Linux ACNET console computers. You can request one by sending an email to Jim Smedinghoff. Please include your Fermilab ID number and your kerberos principal name.

Controls Firewall and Gateway

The ACNET control system is located behind a firewall. Kerberos authentication is required to access control system computers from outside the firewall. Two kerberized systems called OUTLAND.FNAL.GOV and OUTBACK.FNAL.GOV have been set up as gateway nodes. It is necessary to login to OUTLAND or OUTBACK in order to login to nodes inside the firewall. When users request a console account, they are also given accounts on outland and outback.

Starting an ACNET Console -- Windows with Cygwin-X or Exceed

Most Accelerator Division PC's have Cygwin-X, MIT Kerberos for Windows, and the Acnet Customizations for Windows Users installed. This allows a user to start an ACNET console by clicking on an icon. See Install on Home PC for installing this software on other PC's.

Acnet Customizations for Windows Users

The Acnet Customizations for Windows Users is a series of shortcuts and scripts which make running an ACNET console and developing ACNET programs easier. The details of dealing with the gateway nodes (outland and outback) are hidden from the user. The modifications include:

New versions of the Acnet Customizations are released from time to time in order to fix bugs, add new features, or to track changes in the control system and other software. (Release Notes here) The latest version can be installed as follows:

Download and execute acnet-custom-installer.

To start an ACNET console, do one of the following:

To stop the console:

Running an ACNET Console at home

There are a few issues which can come up when running an ACNET console at home. If you have a home router, it will block outside connections to your PC's X server.

The easiest way to run a console behind a home router is to use the "CnsRun VIASSH" and "clx PuTTY" items in the Start->Programs->Acnet menu. These will use the ssh protocol, which is able to tunnel your X connection through your router.

Home users can use the Controls Web Proxy to access Fermilab web pages which are restriced to on-site access and web servers which are inside the controls firewall.

Another way around home router problems is to use the Fermilab VPN. The VPN will also allow you to access restricted Fermilab web pages as if you are at the lab.

Starting an ACNET Console -- Other Platforms

General Principles

X Security

Since Fermilab security policy does not permit open X servers, you need some way of authorizing the Acnet console host nodes to open windows on your X display. The easiest way to accomplish this is to tunnel your X connection using SSH. You can also specify the MIT-Magic-Cookie value needed to access your X display in the launch command (described below). Use the xauth command to list your cookie value.

Another way to handle X security is to add all the Acnet console hosts, to your X server's authorized xhost list. WRQ Reflection X users would edit their xhosts.txt file. Mac and Linux users would use the xhost utility.

Getting Past The Firewall

First you need to login to or, the firewall gateway nodes, such that you have a forwardable Kerberos ticket there. You can login using: Kerberized ssh or Kerberized rsh. ssh has the advantage that it can forward your X connection. You can check that your Kerberos ticket has been forwarded to the gateway node by doing "klist -f"

The Launch Command

Once you are logged into outland or outback, you can use the launch command to start a console or other program on a Linux node. The launch script does several things for the user:

The general form of the launch command is:

launch host display[:cookie] command

host can be:

display can be:

cookie is the MIT-Magic-Cookie used to get permission to access the X display.

Some useful launch commands are:

To stop the ACNET console:

X Server considerations

ACNET consoles use several custom fonts. Accelerator Division Windows users have these fonts installed on their PC's. For other users, ACNET adds a font server to the X server's font path in order to access these fonts. If the X server is configured to prohibit this, ACNET makes do with the available fonts, resulting in missing and substituted special characters.

More Documentation

Last updated 21-Apr-2017 by Jim Smedinghoff

Security, Privacy, Legal