Kerberos

Supported Product

Kerberos is a network authentication protocol developed by MIT and is used at Penn as a means to authenticate to various applications and services.

Kerberos for Windows 4.0.1 is the recommended Kerberos ticket manager for Windows 7, Windows 8.1 Update, and Windows 10. This version of Kerberos for Windows has been configured to include the profile for the University's Key Distribution Center (KDC).

Kerberos for Macintosh is the recommended Kerberos ticket manager for macOS (versions 10.12.x Sierra and above) and is included in the current default installations of University supported versions of macOS.

General

Download

Windows

Kerberos for Windows is available free of charge to members of the Penn community. Kerberos for Windows is available for download using your PennKey and password.

macOS

All recent versions of macOS are Kerberos-compatible out of the box. The Ticket Manager, within the Keychain application, can be used to get Kerberos tickets by using pennkey@UPENN.EDU as the login and the appropriate PennKey password as the password.

For older versions of macOS, the Kerberos for Macintosh preferences installer is available free of charge to members of the Penn community and is available for download using your PennKey and password.

Windows compatibility

Kerberos for Windows 4.0.1 functions as expected in Windows 10.

macOS compatibility

The Kerberos for Macintosh preferences installer functions correctly in all supported versions of macOS except Catalina (where it is not necessary).

Related resources

Kerberos for Windows 4.0.1

Note: No additional configuration is necessary when you download and install the current Kerberos for Windows 4.0.1. These steps are for reference only.

  1. Launch Network Identity Manager (Windows Start menu --> Kerberos for
    Windows 4.0.1 --> Network Identity Manager)
  2. Click the Network Identity Manager icon in the lower right corner of
    the system tray. The Network Identity Manager window appears.
  3. From the Options menu, choose Kerberos v5 ...
  4. In the left pane, click Identities, then click the Kerberos v5 tab.
  5. Ensure that the Addressless checkbox is checked and click OK.
  6. Destroy any existing credentials, then obtain new credentials.

You're now ready to use any Windows application requiring Kerberos such as Assignments.

Kerberos for Macintosh

All recent versions of macOS are Kerberos-compatible out of the box. The Ticket Manager, within the Keychain application, can be used to get Kerberos tickets by using pennkey@UPENN.EDU as the login and the appropriate PennKey password as the password.

For older versions of macOS, the Kerberos for Macintosh preferences installer has been configured to include the profile for the University's Key Distribution Center (KDC). No further configuration is necessary.

While the Ticket Viewer is accessible from the Keychain application, it may be useful to locate the Ticket Viewer application and drag it to the Dock for easy access. Press Command and the space bar simultaneously to open a Spotlight search window, and search for "ticket viewer". Drag the Ticket Viewer icon to the Dock to create a permanent Ticket Viewer alias that you can launch easily in the future.

Configuring HostExplorer for Kerberos

When you install HostExplorer for Windows after downloading it from the Supported Products site, pre-configured Penn Telnet profiles appear when you first launch HostExplorer. If, however, the Telnet destination you want does not appear in the HostExplorer Open Session window, you can use the instructions below to add the new Telnet site, and then configure that profile for the Kerberos environment.

Notes:

  • Before configuring HostExplorer to run Telnet in a Kerberos environment, check with your Local Support Provider (LSP) to ensure your School, department, or administrative unit supports Kerberos.
  • Ensure Kerberos client software is installed on your computer.

To create a new, Kerberos-enabled Telnet profile:

  1. Start HostExplorer (Start → All Programs → Hummingbird Connectivity 2006 → HostExplorer). The Open Session window displays.
  2. In the Open Session window, click the Hummingbird icon, which is the middle, multi-colored icon located in the upper-right corner of the window. The New Profile window displays.
  3. In the Profile Name field, type the name or a description of the Telnet destination (for example, type Telnet to pobox.upenn.edu), then in the Host Name field at the bottom of the window, type the name of the host (for example, pobox.upenn.edu).
  4. Click OK to return to the Open Session window.
  5. In the Open Session window, under the Profile Name column, the Telnet site that you just created is highlighted. Right-click the highlighted Telnet session, then select Properties from the dropdown list. The Session Profile window appears with the name you typed in the Profile Name field in step 3.
  6. Under the Categories: column, click the plus symbol (+) beside the Security option to expand it, then select General to display the contents of the General tab in the right panel of the window.
  7. In the General window, select the Kerberos radio button, but do not click OK yet. (Note: In order to select the Kerberos option, you must have already installed Leash32 2.6.x on your machine. If you have not installed Leash, quit HostExplorer, install Leash, and then return to HostExplorer.)
  8. Click the Kerberos tab at the top of the Session Profile window to display its contents.
  9. In the Kerberos window, ensure the Kerberos Version field displays Version 5, then click the Authentication checkbox to activate it. (Do not activate the Encryption checkbox.)
  10. You can now click OK to save your Kerberos configuration.
  11. To connect to your Kerberized profile, you must first obtain a Kerberos ticket.

Note: If you are using HostExplorer 11.0.1.0 or any Kerberized application for the first time, refer to the documents at How to Use Your PennKey for information on how to get set up and work in a Kerberized environment.

Kerberos for Macintosh

The default version of this installer (available from the Kerberos for Macintosh Supported Products Page) attempts to detect the use of Microsoft's Active Directory. This is done because installing the Penn Kerberos profile in an Active Directory environment will cause a loss of network connectivity.

In some cases, the default version of this installer will have a "false positive"—in other words, it will believe that the Mac is in an Active Directory environment when it is not. In this case, Information Systems & Computing (ISC) suggests using the Custom Install option within this installer.