PennKey A - Z Directory
Address of Record. The address
to which a PennKey Setup Code is mailed in instances where newly admitted students are sent hard copies of the letter instead of an electronic copy.
Authentication. The method a computer system uses to verify that an
individual is who he or she claims to be. PennKey is an authentication method.
See also Authorization.
Authorization. The method a computer system uses to determine whether
or not an individual whose identity has been verified (authenticated) is in
fact eligible to use a particular service or application. Authorization is the
responsiblity of service or application owners and it works with an authentication
method. For example, only authorized individuals, not everyone who has a registered
PennKey and password, can log in to U@Penn or Blackboard.
Challenge-Response. A convenient, secure online
method for resetting a forgotten
PennKey password. Only individuals who have enrolled in Challenge-Response can
reset their passwords online. Enrollment in Challenge-Response is optional
and is not available to individuals with Non-Persistent PennKeys.
Cleartext Password. A password that is transmitted across the network
without being encrypted. Such passwords are vulnerable to being intercepted
by intruders and other unauthorized persons.
Critical Host Policy. The policy
that defines which Penn computers are considered "critical hosts"
and lays out security policy governing these computers.
Guest. See Sponsored Guest.
Host Computer. A computer that can be accessed over a network. A host
usually refers to servers and other computers that provide services to authorized
users, such as email, software for downloading, and online applications like
KDC. Key Distribution Center. A computer that issues Kerberos tickets.
Kerberized Client. Desktop software configured for Kerberos and used
to access a service that is secured using Kerberos. Penn's supported software
includes various clients that support Kerberos.
Kerberized Service. A service (eg, email) on a host computer that is
secured using Kerberos and can be accessed using a Kerberized client. Kerberized
services are being phased in at Penn.
Kerberos. A technology that secures services on host computers by establishing
an authenticated identity for a user and sharing that identity securely with
distributed computing services. With Kerberos, passwords are never transmitted
across the network, even in encrypted form. Kerberos is one of several security
technologies in use on Penn host computers. See also SSH and SSL/ TLS.
for Macintosh. The Macintosh ticket manager software required to authenticate
one's identity to Kerberized services. See also Kerberos for Windows.
Kerberos Principal. A character string that for users is roughly the
equivalent of a PennKey. You may see
references to Kerberos Principals in documentation related to Kerberos.
Kerberos Ticket. A temporary set of electronic
credentials that verify your identity to particular services. See also TGT and
Kerberos for Windows.
The Windows ticket manager software required to authenticate one's identity
to a Kerberized service. See also Kerberos for Macintosh and Ticket Manager.
Non-Persistent PennKey. A type of PennKey issued
to individuals such as conference attendees and volunteers, who have a more
fluid or shorter-term relationship to Penn. Non-Persistent PennKeys start with a "g" followed by seven digits. They always have
a limited life-span and cannot be renewed. Individuals with Non-Persistent PennKeys
cannot set a new password if they forget theirs. They need to obtain a new PennKey and a new Penn ID.
Penn ID. A unique eight-digit number issued
to Penn and UPHS affliates. University offices frequently require a Penn ID for identification in situations where they formerly required an individual's Social Security Number. PennCard holders will find their Penn ID printed on their PennCard
-- it is the middle 8-digit sequence of numbers at the bottom of the card. See
also PennCard Number and PennKey.
Your University ID card showing your photo and PennCard Number. For Penn faculty,
staff, and students, a PennCard is a required form of photo ID at PennKey Administration
PennCard Number. The three-part number on your PennCard. It takes the
form : 123456 12345678 12
PennKey. An individual's user name in the PennKey Authentication System.
Your PennKey is based on your PennName, a unique identifier that is the basis
for user names in an increasing number of University systems. You must register
your PennKey and associated password before you can access any services that
use PennKey authentication. See also Non-Persistent PennKey and Penn ID.
PennKey Administration Station. A campus
location where you can obtain a PennKey Setup Code.
PennKey Authentication. The authentication system that was introduced
at Penn in October 2002. See also Authentication.
PennKey Setup Code. A temporary identifier
that is issued when needed to reset a forgotten
password, or to register a PennKey. See
PennName. A unique identifier that is the basis
for user names in various University systems, including the PennKey system.
PennNet ID. A user name in the PennNet Authentication
System, which was replaced by the PennKey system in 2002.
PIN. Former name for a PennKey Setup Code. The change to Setup Code took place in April 2004.
Realm. The name (in all uppercase) of the network served by a Kerberos
database. PennKeys exist in the @UPENN.EDU realm.
Secure Client. Desktop software that is used to access a service that
has been secured using Kerberos, SSH, SSL/TL, or another technology that employs
Service Ticket. A Kerberos ticket obtained
from the KDC by a Kerberized client to authenticate to a particular Kerberized
service, such as mail.sas or dolphin email. See also Kerberos Ticket and
Setup Code. See PennKey Setup Code.
Setup Code Service. A self-service web application used to request a Setup Code to reset a forgotten PennKey password.
Single Sign-On. The ability to authenticate once and access multiple
electronic services, rather than authenticating separately to each service.
Kerberos, the technology underlying PennKey, provides a foundation for single
Sponsored Guest. An individual
who has an official business need for a PennKey but is not a Penn faculty member,
staff member, student, or UPHS (University of Pennsylvania Health System) employee.
Sponsored guests include consultants, contract programmers, volunteers, temporary staff, colleagues from other institutions working with Penn researchers, CHOP and VA Hospital personnel, and course auditors.
SSH. Secure Shell. A technology used to secure services on host computers.
SSH uses strong encryption for passwords. SSH is one of several strong security
technologies in use at Penn. See also SSL/TLS, Kerberos, and Strong Encryption.
SSL/TLS. Secure Socket Layer/Transport Layer Security. A technology
used to secure services on host computers. SSL/TLS uses strong encryption for
passwords. SSL/TLS is one of several strong security technologies in use at
Penn. See also SSH, Kerberos, and Strong Encryption.
Strong Encryption. A method of securing information so that it cannot
easily be intercepted and deciphered by an intruder. For services that require
passwords to be transmitted across the network, strong encryption is the minimum
standard on Penn's critical hosts. See also Critical Host Policy.
TGT. Ticket Granting Ticket. An initial
Kerberos ticket obtained from Penn's KDC (ticket-dispensing server) using your PennKey and password. Once
you have a TGT, Kerberized clients can use it to automatically obtain service
tickets whenever you want to use Kerberized services. A TGT is valid for 10
hours. See also Ticket Manager, Service Ticket, and Kerberos Ticket.
Ticket Granting Ticket (TGT). See TGT.
Ticket Manager. Desktop client software
used along with a PennKey and password to obtain a Kerberos Ticket Granting
Ticket (TGT). Also used to renew or destroy TGTs and to change your PennKey
Time Server. A server used to set a computer's clock to the correct
Time Synchronization. The process of using a time server to set a computer's
clock to the correct time. Kerberos requires that your computer's clock be in
sync with that of Penn's Kerberos KDC (ticket-dispensing server), which is synchronized
with Penn's network time server. You should synchronize your computer's clock
with Penn's network time server as well. Instructions are available on the Using
Your PennKey page.
Unreserved PennKey. Former name for Non-Persistent PennKey.