This page
Other pages
Account
You are viewing an old version of this page. View the current version.
Compare with Current |
View Page History
MIT Kerberos for Windows 4.0.x - Managing Kerberos Tickets
On this page:
Overview
You will need to get Tickets (called Kerberos credentials in previous versions of KfW) before you can use applications requiring Kerberos authentication. The MIT installation of KfW 4.0.x is pre-configured with ATHENA.MIT.EDU as the default Kerberos realm.
- When you start or restart your Windows system, the KfW Initialize Ticket window should open by default and you can get Kerberos credentials at that time, so they are ready and waiting when you go to a Kerberized application.
- If you open a Kerberized application and do not have credentials, the Initialize Ticket window should open automatically (although it may be hidden behind the application window).
- To initiate getting credentials, follow the steps below.
Get New Kerberos Tickets (Basic)
- Right-click on the MIT Kerberos (called "Leash" or "Network Identity Manager" in previous KfW versions) icon in the Notifications tray at the bottom-right of the Windows Taskbar. Or, go to Start > All Programs > Kerberos for Windows > MIT Kerberos Ticket Manager.
- Click the icon "Get Ticket".
Result: The Initialize Ticket window should appear.
- Enter your Kerberos User Name and @ (for example "kerberosname@") The realm "ATHENA.MIT.EDU" will automatically populate.
Note: "Remember this Principal" check box allows the user to type the first letter of the user name in future sessions to expedite acquiring tickets. To forget stored user names click the "Clear History" button.
- Enter your Kerberos password and click OK.
Result: A ticket is acquired, the Initialize Ticket window closes. The KfW Icon in the Notifications Tray is now green.
Note: Default settings include a ticket lifetime of 10 hours, tickets can be renewed, and have a renewable lifetime of 6 days and 21 hours. For more detail please Advanced Settings below
Delete Tickets
- To manage your Kerberos credentials, right-click on the MIT Kerberos for Windows icon in the Notifications tray and select Open MIT Kerberos window.
Result: The KfW window appears. The time remaining on credentials is shown to the right of the Kerberos username.
- Select the credentials you wish to destroy and click the Destroy credentials icon.
Result: A confirmation dialoge box appears.
- Click Yes to confirm you wish to destroy the credentials.
Result: The Ticket no longer appears in the MIT Kerberos Window.
Note: If there are no tickets, the MIT Kerberos icon in the Notification Center will be gray
Get New Kerberos Tickets (Advanced)
To view additional settings when acquiring a ticket, click the "Show Advanced" button on the Initialize Ticket window. Changing these settings will adjust the acquisition of a ticket, but will not affect any existing tickets. The Advanced Settings revert to the default settings each time Kerberos for Windows is started.
Adjusting Ticket Lifetime
- The Lifetime of a Ticket is how long the ticket is valid without renewal.
- MIT's minimum lifetime is 30 minutes; maximum lifetime is 1 day (excluding renewal).
- To adjust the Ticket lifetime move the Ticket Lifetime slider. Moving the slider to the left decreases the lifetime of the ticket, moving to the right increases the lifetime of the ticket.
Allowing and Adjusting Ticket Renewal
- The Renewable Lifetime of a Ticket is how long a valid ticket can be renewed. MIT's minimum renewable lifetime is 10 hours; maximum renewable lifetime is 30 days .
- To adjust the Ticket Renewable Lifetime verify that the Renewable check box is checked
- Move the Ticket Lifetime slider. Moving the slider to the left decreases the renewable lifetime of the ticket, moving to the right increases the renewable lifetime of the ticket.
- Acquire the ticket
- Select the "Options" Tab in the MIT Kerberos window
- Enable Automatic Ticket Renewal by checking the Automatic Ticket Renewal check box (not recommended for security reasons)
Related Links
Labels:
None
