PennKey and Off-Campus Access to Kerberized Applications
Kerberos authentication is designed to ensure the integrity of
your Penn electronic accounts and data transactions. This authentication
method works from off-campus locations as well as from a Penn office
or dorm room, provided your computer has the special Kerberos ticket
manager software and the service you wish to use is "Kerberized,"
or capable of using the Kerberos authentication protocol.
Most users will have no trouble obtaining tickets with the ticket
manager software, provided their computer setups meet certain requirements.
- All of Penn’s currently supported desktop configurations
and operating systems will satisfy the requirements for running
a Kerberos ticket manager
- Network time synchronization software, properly configured
for the user's local time zone
- Ticket manager software configured for use in the Penn Kerberos
- Desktop client software configured for Kerberos authentication
Obtaining a Ticket Manager
If you've installed Penn's supported software suite from the current PennConnect
DVD onto your home computer, you have already installed the correct Kerberos
ticket manager for your operating system. You should be able to get tickets
and access Kerberized Penn electronic resources, whether you are using a dial-up
modem, cable modem, DSL, or some other remote access method.
If you haven't installed any software from the PennConnect CD, follow these
links to download the Kerberos ticket manager software for Macintosh
Supported software with Kerberos Support
Several of Penn's supported software applications are capable
of Kerberos authentication. If you are connecting to a host which
has Kerberized its services, you can use these software clients
from both on- and off-campus locations. These include:
- Shell or terminal emulator clients: HostExplorer
(Windows) and dataComet
Secure (Macintosh). These are network clients which provide terminal-style,
command line access to Penn hosts.
- FTP clients: Filezilla
(Windows) and Fetch
(Macintosh). Both are FTP clients which provide Kerberized file transfer.
- E-mail clients: Thunderbird
(Windows and Macintosh) and Apple's
built-in mail client (Macintosh OS X). This is an e-mail client which
works with Kerberized e-mail servers.
Problems Obtaining Tickets
If your computer is on a private home network behind a router
and you are running network address translation (NAT) software,
you may experience problems with your service tickets being rejected.
You may also experience problems if your Internet Service Provider
(ISP) dynamically changes your network IP address periodically during
the a single dial-in session. The most current installers for Kerberos Ticket Managers are designed to work in environments such as this. Be sure you are running the most current version of the Ticket Manager for your Windows or Macintosh operating system.
In very rare cases, your ISP may have implemented highly restrictive
measures which could hinder you from obtaining tickets properly.
Consult with your Internet Service Provider for further assistance.