Installing Kerberos for Windows

  • These directions are for installing Kerberos clients for Windows 95, 98, NT, 2000, and XP.
  • Send email to kerberos@ncsa.uiuc.edu if you encounter any problems.

Read first

  • Before continuing, please make sure the New Kerberos for Windows instructions do not apply to your case.
  • Access to Kerberos binaries is restricted due to US export control laws. If you find you are unable to access Kerberos binaries and believe you should be able to, please send a request to kerberos@ncsa.uiuc.edu to be granted access.
  • To use Kerberos with Eudora, you need to be running Eudora 3.0.1 or later.
    • To determine what version of Eudora you are currently running, run Eudora and under Help select About Eudora. The version information appears just below the copyright notice. If you are not running at least 3.0.1, you need to upgrade.
    • If you are running version 3.0, you can find an upgrade to the latest version of Eudora in the Network Neighborhood, under File-server, Software-PC, Commercial Software.
    • If you are running an earlier version of Eudora than 3.0 you first need to install Eudora 3.0 and then the upgrade to the latest version. You can find Eudora 3.0 in the Network Neighborhood, under File-server, Software-PC, Commercial Software, Eudora Pro 3.0, Disk 1. Double click on the file Setup and follow the directions it gives you.
    • Kerberos has been tested with versions of Eudora up to 4.0.

Installation (5 Minutes)

  • Download the Windows Client distribution from the Kerberos 5 Binary Download page
  • You will download a self-extracting executable. Run this program by double-clicking on it and it will unpack itself into a folder called "NCSA Kerberos 5 Install"
  • Go into the NCSA Kerberos 5 Install folder.
  • Run the program Setup by double-clicking on it. This will run InstallShield and walk you through the rest of the installation.
  • After InstallShield has finished, be sure to read the README for further installation directions.
  • You may now close any open folders in the Network Neighborhood and delete the NCSA Kerberos 5 Install folder.
  • Proceed to Configuring Eudora

Configuring Eudora (5 Minutes)

Eudora 3.x Instructions

  • Launch Eudora
  • Under the Tools menu select Options. When the options menu comes up, under the Category menu on the left, select Checking Mail and make sure the following are set. If you previously had Kerberos installed, you probably won't have to change anything here.
    • Your POP account should be <your username>@pop.ncsa.uiuc.edu
    • Change Authentication Style to Kerberos
  • Now select Advanced Network under the Category menu. Under "Use asynchronous Winsock calls for:" make sure the box for "All others" is NOT selected.
  • Now select Kerberos under the Category menu and make sure the following are set. If you previously had Kerberos installed, you probably only need to change the last item.
    • Kerberos POP3 port should be 1109
    • Realm should be NCSA.EDU (this is case sensitive so make sure it's all caps).
    • Service name should be pop (again case sensitive, should be all lower case).
    • Service format should be %1/%2@%3

Eudora 4.x Instructions

  • Launch Eudora
  • Under the Tools menu select Options. When the options menu comes up, under the Category menu on the left, select Checking Mail and make sure the following are set. If you previously had Kerberos installed, you probably won't have to change anything here.
    • Your POP account should be <your username>@pop.ncsa.uiuc.edu
  • Now select Incoming Mail under the Category menu. If you previously had Kerberos installed, you probably won't have to change anything here.
    • Change Authentication Style to Kerberos
  • Now select Kerberos under the Category menu and make sure the following are set. If you previously had Kerberos installed, you probably only need to change the last item.
    • Kerberos POP3 port should be 1109
    • Realm should be NCSA.EDU (this is case sensitive so make sure it's all caps).
    • Service name should be pop (again case sensitive, should be all lower case).
    • Service format should be %1/%2@%3

Using Eudora with Kerberos 5

  • Run Eudora as you normally would and check your mail as you normally would. You will be prompted by Eudora for your user name and password.
  • Enter your Kerberos username and Kerberos password then click OK.
  • Your email should now be checked as normal. Eudora will continue using your Kerberos ticket until it expires (in 25 hours) when it will reprompt you for your name and password.

Time Synchronization

  • In order for Kerberos authentication to work, the time on your machine and the time on the Kerberos servers need to be within 5 minutes of each other. If they are too far apart, you may see a message like the following:

    Kclient32: clock skew too great in KDC reply getting kerberos credentials

    If you are logging into a Windows machine that is in the NCSA domain, and it authenticates you with your domain password, a script is run which automatically sets your clock. If not, here are a couple of ways to set the clock within the allowed limit:

    1. When Kerberos was installed on your machine it also installed a utility called TomiClock. Start the \Program Files\NCSA\Kerberos 5\Tomicloc.exe program and set your system clock to this time.
    2. You can log into a public UNIX machine and run the "date" command to get the time and set your system clock to the time. The public machines are synchronized with the other servers so that their times will be aligned.

    Note: If you are running Windows NT, 2000 or XP, you will need to have administrator privileges in order to set your time. If you do not have administrator privileges, disable Kerberos in Eudora (described below) and contact desktop support to set your time. Once the time is set, you can re-enable Kerberos.
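
A pre-flight check for the Eudora Kerberos settings and the 5-minute clock limit described above, as an added example that is not part of the original NCSA instructions. It assumes the service-format placeholders mean %1 = service name, %2 = POP host and %3 = realm, and that the reference time was read with `date -u` on a UNIX machine; the sample values are constructed.

```python
from datetime import datetime, timezone

# Values the page says to enter in Eudora's Kerberos options.
EXPECTED = {"port": 1109, "realm": "NCSA.EDU", "service": "pop",
            "format": "%1/%2@%3"}
MAX_SKEW_SECONDS = 5 * 60  # the page's 5-minute limit


def check_settings(settings):
    """Return a list of problems; an empty list means the settings match."""
    problems = []
    for key, want in EXPECTED.items():
        got = settings.get(key)
        if got == want:
            continue
        if isinstance(want, str) and isinstance(got, str) and got.lower() == want.lower():
            problems.append(f"{key}: {got!r} differs only in case from {want!r}")
        else:
            problems.append(f"{key}: expected {want!r}, got {got!r}")
    return problems


def expand_principal(fmt, service, host, realm):
    """Assumed placeholder meaning: %1 = service, %2 = host, %3 = realm."""
    return fmt.replace("%1", service).replace("%2", host).replace("%3", realm)


def skew_seconds(local_utc, unix_date_output):
    """Signed skew in seconds (local minus reference) from `date -u` output."""
    ref = datetime.strptime(unix_date_output.strip(), "%a %b %d %H:%M:%S UTC %Y")
    return (local_utc - ref.replace(tzinfo=timezone.utc)).total_seconds()


def clock_ok(local_utc, unix_date_output):
    """True when the PC clock is within the 5-minute limit, fast or slow."""
    return abs(skew_seconds(local_utc, unix_date_output)) <= MAX_SKEW_SECONDS


if __name__ == "__main__":
    # Constructed sample: realm typed in lower case, PC clock 7 minutes fast.
    typed = dict(EXPECTED, realm="ncsa.edu")
    print(check_settings(typed))
    print(expand_principal(EXPECTED["format"], "pop", "pop.ncsa.uiuc.edu", "NCSA.EDU"))
    reference = "Tue Mar  4 20:07:31 UTC 2003"  # constructed `date -u` output
    pc_clock = datetime(2003, 3, 4, 20, 14, 31, tzinfo=timezone.utc)
    print(skew_seconds(pc_clock, reference), clock_ok(pc_clock, reference))
```

A positive skew means the PC clock is ahead of the reference and should be set back by that many seconds.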

To disable Kerberos in Eudora

  • In Eudora under Tools menu select Options. When the options menu comes up, go to the section on Checking Mail and make the following changes:
    • Authentication Style should be Passwords (instead of Kerberos)
    • You don't need to change anything under the Kerberos section.
  • To reenable Kerberos authentication change Authentication Style back to Kerberos.

Using Kerberos Applications under Windows

Questions or comments about this page may be sent to kerberos@ncsa.uiuc.edu