Penn Computing

Penn Computing

Computing Menu Computing A-Z
Computing Home Information Systems & Computing Penn

PennKey and Off-Campus Access to Kerberized Applications

Kerberos authentication is designed to ensure the integrity of your Penn electronic accounts and data transactions. This authentication method works from off-campus locations as well as from a Penn office or dorm room, provided your computer has the special Kerberos ticket manager software and the service you wish to use is "Kerberized," or capable of using the Kerberos authentication protocol.

Most users will have no trouble obtaining tickets with the ticket manager software, provided their computer setups meet certain requirements.

Desktop Requirements

  • All of Penn’s currently supported desktop configurations and operating systems will satisfy the requirements for running a Kerberos ticket manager
  • Network time synchronization software, properly configured for the user's local time zone
  • Ticket manager software configured for use in the Penn Kerberos environment
  • Desktop client software configured for Kerberos authentication

Obtaining a Ticket Manager

If you've installed Penn's supported software suite from the current PennConnect DVD onto your home computer, you have already installed the correct Kerberos ticket manager for your operating system. You should be able to get tickets and access Kerberized Penn electronic resources, whether you are using a dial-up modem, cable modem, DSL, or some other remote access method.

If you haven't installed any software from the PennConnect CD, follow these links to download the Kerberos ticket manager software for Macintosh or Windows.

Supported software with Kerberos Support

Several of Penn's supported software applications are capable of Kerberos authentication. If you are connecting to a host which has Kerberized its services, you can use these software clients from both on- and off-campus locations. These include:

  • Shell or terminal emulator clients: HostExplorer (Windows) and dataComet Secure (Macintosh). These are network clients which provide terminal-style, command line access to Penn hosts.
  • FTP clients: Filezilla (Windows) and Fetch (Macintosh). Both are FTP clients which provide Kerberized file transfer.
  • E-mail clients: Thunderbird (Windows and Macintosh) and Apple's built-in mail client (Macintosh OS X). This is an e-mail client which works with Kerberized e-mail servers.

Problems Obtaining Tickets

If your computer is on a private home network behind a router and you are running network address translation (NAT) software, you may experience problems with your service tickets being rejected. You may also experience problems if your Internet Service Provider (ISP) dynamically changes your network IP address periodically during the a single dial-in session. The most current installers for Kerberos Ticket Managers are designed to work in environments such as this. Be sure you are running the most current version of the Ticket Manager for your Windows or Macintosh operating system.

In very rare cases, your ISP may have implemented highly restrictive measures which could hinder you from obtaining tickets properly. Consult with your Internet Service Provider for further assistance.



Information Systems and Computing
University of Pennsylvania
Comments & Questions

Penn Computing University of Pennsylvania
Information Systems and Computing, University of Pennsylvania