ISC Networking and Telecommunications - Service Descriptions
For accounts on the ISC Networking and Telecommunications email servers, there
are two levels of service offered - Basic and Enhanced. The service levels are based on the type of security that is used to access the account.
| Basic Security | Enhanced Security |
|---|---|
| The user has a local password specific to the email server account and uses tools that ISC Networking and Telecommunications provides to manage his/her password, seeking aid from the account administrator, if necessary. | The user has no local password to remember and manage but instead uses the PennKey for authentication. |
| The user uses a plain text password or an SSL/TLS encrypted password for authentication. | Part of PennKey single sign-on system. When using compatible clients, the user is never challenged to present a password to read or send email. |
| The local password is sent over the network and is subject to eavesdropping. | No password is ever sent over the network. |
| The user can continue to use client software that is not Kerberos compliant. These clients include SecureCRT, Netscape Messenger. | The user must use only Kerberos compliant clients such as Webmail, Host Explorer, or Eudora. |
| Requires more administrative overhead since a local password is stored. | Requires less administrative overhead since no local password is stored. |
For the current rates for basic and enhanced security accounts, please see our rates page.
Frequently Asked Questions
- Is it possible to change all users in a department
to one level of Security?
- I'm not in a position to switch my whole department
to Enhanced Security but I'd like any new accounts created to default
to Enhanced Security. Is that possible?
- If an account is set up for Basic Security,
does that mean that the account cannot use a client that is
Kerberos compliant?
- Where can I find out more about Kerberos
compliant clients?
- If an account is using SSH, does that mean
that the account can't use Enhanced Security?
- If an account is using only Webmail to read email,
can that account be set up to use Enhanced Security?
- The local password for an account is the same
as the PennKey password. Doesn't that mean that the account can
be set up to use Enhanced security?
Is it possible to change all users in a department
to one level of Security?
If an administrator wishes to switch all users in a particular department
to one level of Security, please send mail to server-admin@isc.upenn.edu. We will change all existing users in that department to the specified security level, adjust the password state, and set up account management so that any future accounts created for that department are only allowed the specified security level.
We would strongly recommend that all users be set up with the proper
client software before requesting that a department be restricted to
one security level.
I'm not in a position to switch my whole department
to Enhanced Security but I'd like any new accounts created to default
to Enhanced Security, is that possible?
Yes. We can make Enhanced Security the default when a new
account is created. Just send mail to server-admin@isc.upenn.edu with your request.
If an account is set up for Basic Security,
does that mean that the account cannot use a client that is
Kerberos compliant?
No. A user who has been assigned Basic Security can still opt
to use Kerberos compliant software like Host Explorer or Eudora. The
administrator should work with the user and determine if the
user can use Kerberos compliant software exclusively and if so,
should switch the account to Enhanced Security.
Where can I find out more about Kerberos
compliant clients?
A list of
Kerberos compliant clients is available.
If an account is using SSH, does that mean
that the account can't use Enhanced Security?
Yes. There is currently no SSH client supported on the
campus that also supports Kerberos. If a user wishes to
continue to use software like SecureCRT, that account
must continue to use Basic Security.
If an account is using only Webmail to read email,
can that account be set up to use Enhanced Security?
Yes. Webmail uses the PennKey/PennKey password for
authentication and does not send the PennKey password over
the network in plain text.
The local password for an account is the same
as the PennKey password. Doesn't that mean that the account can
be set up to use Enhanced security?
No. Even if the local password is the same as the PennKey
password, the account still has a local password that
is stored on the system and can still use non-Kerberos
compliant software. Enhanced Security means that no
local password is stored on the system.