Penn Computing

Penn Computing
Computing Menu Computing A-Z
Computing Home Information Systems & Computing Penn
PennKey
Home
PennKey Overview
PennKey A-Z
PennKey Search
Site Map
How To:
Register Your PennKey
Set/Reset Your Password
Use Kerberized Services
Protect Your Password
Sponsor a Guest
Get Help
Special Information:
For LSPs
For System Admins
For Web Developers
For PennKey Admins

Proxy Login for POBOX

It is possible to change the settings on your POBOX account in order to allow another person to access your files via Kerberos, using their own PennKey and password. This authorized person will have access to all aspects of your account. They will be able to read your mail, send email under your name, and access/change all files stored in your POBOX account, including html files.

This access should not be given without careful consideration to possible consequences.

This method can also be used to give several people access to one group account, such as a department's or student organization's email/web site account.

Instructions

To allow another user to access your email account via Kerberos, without divulging your password, you need to create a file in the home directory of your POBOX account called ".k5login". This file will need to include a list of the PennKeys (including the @UPENN.EDU realm) for every person, including yourself, who you would like to authorize to use your account.

In order to create the .k5login file:
1. Telnet to your POBOX account
2. Type unix at the [MAIN MENU]% prompt
3. Type pico .k5login
4. Type the PennKeys (include @UPENN.EDU) for each person who should have access to your account. Put one PennKey per line. Make sure to list your own PennKey. Also make sure that the realm is typed in CAPITAL LETTERS, just like the example below.

For example:
benfrank@UPENN.EDU
jennydoe@UPENN.EDU

5. Type ctrl-x to save your work
6. Type y to confirm the save

That's it! Logout and you're set.

When you would like to remove the other user's privileges to your account, do so by deleting the .k5login file.
1. Telnet to your POBOX account
2. Type UNIX at the prompt
3. Type rm .k5login
4. Confirm the deletion by typing y
5. Logout

Email Client Configuration

For another user to access your mail when they are listed in your k5login file, they will need to change their email client configurations. Host Explorer for Windows and Eudora for both Mac and Windows support this process, as does webmail when accessing accounts on POBOX, mail.med, ben.dev, and dolphin. Unfortunately dataComet Secure for Mac does not.

POBOX Webmail

Log into webmail with your Pennkey, when prompted change "Account Name" from your PennKey name to the account name that you wish to access.

Host Explorer (Kerberized Telnet for Windows)

1. Right click the POBOX profile (which was already configured for Kerberos) and select properties. For information about configuring a profile for Kerberos see the Host Explorer documentation.
2. Open the Security folder under the "Settings Groups" heading.
3. Select the Kerberos tab.
4. Type the user name of the person's mail you are trying to check in the Alternate User Name box. (for example: benfrank)
5. Click ok to save the settings

When using this newly altered profile in conjunction with Ticket Manager, Host Explorer will access benfrank's mail instead of your own.

Eudora (Kerberized IMAP/POP for Windows/Mac)

Create a personality in Eudora that has the information for the person whose mail you are trying to access. Make sure that you have Eudora configured for Kerberos. Instructions are at available from the Eudora page on the Supported Products site.
top

Information Systems and Computing
University of Pennsylvania
Comments & Questions
Penn Computing University of Pennsylvania
Information Systems and Computing, University of Pennsylvania