Using Kerberos for Macintosh, the Ticket Manager for Mac OS X
Kerberos ticket manager software is designed to manage authentication
(identity verification) across multiple online services that recognize
the Kerberos protocol. To learn more, see "Getting
Started in a Kerberized Environment," and "Kerberos
Tickets and How They Work."
This document provides instructions for:
Starting the Kerberos application
In Mac OS X, Kerberos is treated as an application like any other,
rather than as a Control Panel. Open the Kerberos application by
double-clicking its icon in the "Applications" window.
Getting a Kerberos Ticket
You will need to obtain a Kerberos Ticket-Granting Ticket (TGT),
or "master ticket," only once per computing session. By
default, this ticket is valid for ten hours. You will need to get
a new ticket after restarting and logging into your machine, after
destroying existing tickets, or if you allow a ticket to expire.
To get a Kerberos ticket:
-
Open the Kerberos application. The Kerberos
window will displayed with an empty ticket scroll list.
[screen shot of Kerberos window]
-
Click the Get Tickets button in the Kerberos
window.
-
In the Username: field, type your PennKey.
-
Make sure the Realm: field shows "v5
UPENN.EDU."
-
Type your password in the Password: field,
then click the OK button.
Note: Kerberos passwords are case-sensitive.
Your password will not be displayed as you type it.
-
If your login is successful, you will return to the Kerberos
window. In the ticket scroll list, you will see a ticket entitled
"v5[yourPennKey]@UPENN.EDU"
Renewing a Kerberos ticket
Should you find yourself working during a very prolonged session,
you may wish to renew your ticket in order to prevent your work
from being interrupted by ticket expiration.
To renew your tickets:
-
Open Kerberos application. Note the remaining
time listed next to the ticket at the top of your ticket scroll
list.
-
Click the Renew Tickets button in the Kerberos
window. The Kerberos login window appears and you will be prompted
to re-enter your password.
-
Type your password in the Password: field,
then click the "OK" button.
-
If your renewal is successful, the remaining time listed next
to the ticket at the top of your ticket scroll list will have
increased to the length of a full new session.
Destroying a Kerberos ticket
To prevent others from using your account information from your
computer, be sure to destroy any Kerberos tickets before leaving
your computer. You will subsequently need to obtain new tickets
to gain access using Kerberized clients.
To destroy your tickets:
-
Open the Kerberos application. The Kerberos
window will display with content appearing in the ticket scroll
list.
[screen shot of Kerberos window with active tickets]
-
Click the Destroy Tickets button in the Kerberos
window.
Note: You cannot selectively destroy
some tickets while preserving others. Destroying tickets is
an "all-or-nothing" action.
-
Confirm there are no active tickets by making sure the scroll
list of the Kerberos window is empty.
-
Quit the Kerberos application.
Changing your Kerberos/PennKey password
You need to have an active Kerberos ticket in order to change your
Kerberos/PennKey password. See the section "Getting
a Kerberos ticket" for instructions.
Then, to change your password:
-
Click the Change Password button in the Kerberos
window. The Kerberos Change Password window appears.
-
Type your old password and your new password where prompted,
then click the "OK" button.
Note: You may wish to consult the
"Rules for Password
selection" page for suggestions on how to create a
strong PennKey password.
-
If your password change is successful, you will be shown a
confirmation screen.
Quitting the Kerberos program
To quit the Kerberos program, simply click on its close window
button in the upper left corner of the window.
Important Note: Quitting
the program does not destroy your active
tickets -- you must manually destroy tickets
to ensure that nobody else can use them.
| 
