Getting things ready
-
Log onto conviction.CS and run /usr/kerberos/bin/register. This will prompt
you for your Unix password and then ask for a Kerberos password.
If you can't log onto any of those machines, please send a message
to kerberos-questions@eecs and someone will contact you to assist
in setting up your Kerberos password.
If you logged into one of the above machines across the network, be
*sure* to change your Kerberos password as soon as possible, using kinit
and kpasswd.
-
Once you've got a Kerberos password, make sure /etc/krb.srvtab exists on
your workstation. If it doesn't, send a message to kerberos-questions@eecs
asking that the proper Kerberos files be installed on your machine.
-
Make sure /usr/kerberos/bin is somewhere near the front of your $path
variable (or at least ahead of /usr/bin and /usr/ucb) to ensure that
you are running the Kerberized rlogin/rsh/rcp/telnet.
Using Kerberos
- Kerberos tickets only last for 9 hours, so when you sit down at your
workstation each morning, run the kinit program. This program prompts
for your Kerberos password, then sets up a Kerberos ticket for you. You
can confirm that you have a current ticket with the klist program.
-
At this point, the Kerberized rlogin, rsh and rcp will ignore any .rhosts
file and use the Kerberos ticket, and 'telnet -a' will do an automatic,
authenticated login on any other Kerberos-ready systems to which you
have access.
Even using Kerberos, you may sometimes need to type your password
across the net (running 'su' or 'ftp' on a remote machine, for
example). If this is the case, you should make sure you've
started telnet or rlogin with the -x flag, which encrypts all
traffic between your workstation and the remote machine.
Need more details?
/usr/sww/doc/kerberos/krb-admin contains a more detailed system administration
guide, and /usr/sww/doc/kerberos/krb-users contains more detailed information
for users.