PennKey A to Z


PennKey
	Home
	PennKey Overview
	PennKey A-Z
	PennKey Search
	Site Map

	How To:
	Register Your PennKey
	Set/Reset Your Password
	Use Kerberized Services
	Protect Your Password
	Sponsor a Guest
	Get Help

	Special Information:
	For UPHS Affiliates
	For LSPs
	For System Admins
	For Web Developers
	For PennKey Admins

PennKey A - Z Directory

Address of Record. The address to which a PennKey Setup Code is mailed in instances where newly admitted students are sent hard copies of the letter instead of an electronic copy.

Authentication. The method a computer system uses to verify that an individual is who he or she claims to be. PennKey is an authentication method. See also Authorization.

Authorization. The method a computer system uses to determine whether or not an individual whose identity has been verified (authenticated) is in fact eligible to use a particular service or application. Authorization is the responsiblity of service or application owners and it works with an authentication method. For example, only authorized individuals, not everyone who has a registered PennKey and password, can log in to U@Penn or Blackboard.

Challenge-Response. A convenient, secure online method for resetting a forgotten PennKey password. Only individuals who have enrolled in Challenge-Response can reset their passwords online. Enrollment in Challenge-Response is optional and is not available to individuals with Non-Persistent PennKeys.

Cleartext Password. A password that is transmitted across the network without being encrypted. Such passwords are vulnerable to being intercepted by intruders and other unauthorized persons.

Critical Host Policy. The policy that defines which Penn computers are considered "critical hosts" and lays out security policy governing these computers.

Guest. See Sponsored Guest.

Host Computer. A computer that can be accessed over a network. A host usually refers to servers and other computers that provide services to authorized users, such as email, software for downloading, and online applications like U@Penn.

KDC. Key Distribution Center. A computer that issues Kerberos tickets.

Kerberized Client. Desktop software configured for Kerberos and used to access a service that is secured using Kerberos. Penn's supported software includes various clients that support Kerberos.

Kerberized Service. A service (eg, email) on a host computer that is secured using Kerberos and can be accessed using a Kerberized client. Kerberized services are being phased in at Penn.

Kerberos. A technology that secures services on host computers by establishing an authenticated identity for a user and sharing that identity securely with distributed computing services. With Kerberos, passwords are never transmitted across the network, even in encrypted form. Kerberos is one of several security technologies in use on Penn host computers. See also SSH and SSL/ TLS.

Kerberos for Macintosh. The Macintosh ticket manager software required to authenticate one's identity to Kerberized services. See also Kerberos for Windows.

Kerberos Principal. A character string that for users is roughly the equivalent of a PennKey. You may see references to Kerberos Principals in documentation related to Kerberos.

Kerberos Ticket. A temporary set of electronic credentials that verify your identity to particular services. See also TGT and Service Ticket.

Kerberos for Windows. The Windows ticket manager software required to authenticate one's identity to a Kerberized service. See also Kerberos for Macintosh and Ticket Manager.

Non-Persistent PennKey. A type of PennKey issued to individuals such as conference attendees and volunteers, who have a more fluid or shorter-term relationship to Penn. Non-Persistent PennKeys start with a "g" followed by seven digits. They always have a limited life-span and cannot be renewed. Individuals with Non-Persistent PennKeys cannot set a new password if they forget theirs. They need to obtain a new PennKey and a new Penn ID.

Penn ID. A unique eight-digit number issued to Penn and UPHS affliates. University offices frequently require a Penn ID for identification in situations where they formerly required an individual's Social Security Number. PennCard holders will find their Penn ID printed on their PennCard -- it is the middle 8-digit sequence of numbers at the bottom of the card. See also PennCard Number and PennKey.

PennCard. Your University ID card showing your photo and PennCard Number. For Penn faculty, staff, and students, a PennCard is a required form of photo ID at PennKey Administration Stations.

PennCard Number. The three-part number on your PennCard. It takes the form : 123456 12345678 12

PennKey. An individual's user name in the PennKey Authentication System. Your PennKey is based on your PennName, a unique identifier that is the basis for user names in an increasing number of University systems. You must register your PennKey and associated password before you can access any services that use PennKey authentication. See also Non-Persistent PennKey and Penn ID.

PennKey Administration Station. A campus location where you can obtain a PennKey Setup Code.

PennKey Authentication. The authentication system that was introduced at Penn in October 2002. See also Authentication.

PennKey Setup Code. A temporary identifier that is issued when needed to reset a forgotten password, or to register a PennKey. See also Challenge-Response.

PennName. A unique identifier that is the basis for user names in various University systems, including the PennKey system.

PennNet ID. A user name in the PennNet Authentication System, which was replaced by the PennKey system in 2002.

PIN. Former name for a PennKey Setup Code. The change to Setup Code took place in April 2004.

Realm. The name (in all uppercase) of the network served by a Kerberos database. PennKeys exist in the @UPENN.EDU realm.

Secure Client. Desktop software that is used to access a service that has been secured using Kerberos, SSH, SSL/TL, or another technology that employs strong encryption.

Service Ticket. A Kerberos ticket obtained from the KDC by a Kerberized client to authenticate to a particular Kerberized service, such as mail.sas or dolphin email. See also Kerberos Ticket and TGT.

Setup Code. See PennKey Setup Code.

Setup Code Service. A self-service web application used to request a Setup Code to reset a forgotten PennKey password.

Single Sign-On. The ability to authenticate once and access multiple electronic services, rather than authenticating separately to each service. Kerberos, the technology underlying PennKey, provides a foundation for single sign-on.

Sponsored Guest. An individual who has an official business need for a PennKey but is not a Penn faculty member, staff member, student, or UPHS (University of Pennsylvania Health System) employee. Sponsored guests include consultants, contract programmers, volunteers, temporary staff, colleagues from other institutions working with Penn researchers, CHOP and VA Hospital personnel, and course auditors.

SSH. Secure Shell. A technology used to secure services on host computers. SSH uses strong encryption for passwords. SSH is one of several strong security technologies in use at Penn. See also SSL/TLS, Kerberos, and Strong Encryption.

SSL/TLS. Secure Socket Layer/Transport Layer Security. A technology used to secure services on host computers. SSL/TLS uses strong encryption for passwords. SSL/TLS is one of several strong security technologies in use at Penn. See also SSH, Kerberos, and Strong Encryption.

Strong Encryption. A method of securing information so that it cannot easily be intercepted and deciphered by an intruder. For services that require passwords to be transmitted across the network, strong encryption is the minimum standard on Penn's critical hosts. See also Critical Host Policy.

TGT. Ticket Granting Ticket. An initial Kerberos ticket obtained from Penn's KDC (ticket-dispensing server) using your PennKey and password. Once you have a TGT, Kerberized clients can use it to automatically obtain service tickets whenever you want to use Kerberized services. A TGT is valid for 10 hours. See also Ticket Manager, Service Ticket, and Kerberos Ticket.

Ticket Granting Ticket (TGT). See TGT.

Ticket Manager. Desktop client software used along with a PennKey and password to obtain a Kerberos Ticket Granting Ticket (TGT). Also used to renew or destroy TGTs and to change your PennKey password.

Time Server. A server used to set a computer's clock to the correct time.

Time Synchronization. The process of using a time server to set a computer's clock to the correct time. Kerberos requires that your computer's clock be in sync with that of Penn's Kerberos KDC (ticket-dispensing server), which is synchronized with Penn's network time server. You should synchronize your computer's clock with Penn's network time server as well. Instructions are available on the Using Your PennKey page.

Unreserved PennKey. Former name for Non-Persistent PennKey.



Information Systems and Computing University of Pennsylvania Comments & Questions