NCSA Home
Contact Us | Intranet | Search

ncsa
Before continuing, please make sure the New Kerberos for Windows instructions do not apply to your case.

Kerberos for non-NCSA Windows 95, 98, NT, 2000, and XP

To use NCSA's systems, you need to have special versions of commands used to connect to the systems (telnet, rsh, rlogin, etc.). These commands are more secure than their traditional counterparts because they use Kerberos to prevent your password from being transmitted over the Internet.

Note: These instructions are for installing the Kerberos software on Windows 95, 98, NT, 2000, and XP systems that are not on NCSA's internal network. If you have a machine on NCSA's network then you can refer to the Installing Kerberos on NCSA systems page.

Installation (5 Minutes)

  • Download the Windows Kerberos software from the Kerberos 5 Binary Download page. Answer the mandatory questions. Select the operating system type "Windows 95/98/NT/2000/XP". Under "Type of Distribution", select "Clients Only".
  • When prompted for a password, use your current NCSA password. If you have not yet changed your password, you should use your default password that is on the "Password and System Information" sheet that was sent to you when you received your account at NCSA. If you do not know your current Kerberos password, contact the NCSA Helpdesk at help@ncsa.uiuc.edu or 217-244-0710. They can reset your password to the default.
  • You will download a self-extracting executable. Run this program by double-clicking on it. Click on the "Unzip" button and it will unpack itself into a folder called "NCSA Kerberos 5 Install".
  • Open the NCSA Kerberos 5 Install folder.
  • Run the program Setup by double clicking on it. This will run InstallShield and walk you through the rest of the installation.
  • After the Installshield is finished, be sure to look at the README for further installation directions. (You can ignore the section on Eudora.)

Connecting to NCSA Systems

Before you log in to an NCSA system, you need to run the Credentials Manager to get a valid Kerberos ticket.

  • Under the Start menu, select Programs, Kerberos 5, Credentials Manager
  • Make sure the Name field in the lower left has your NCSA login name.
  • Make sure the Realm field in the lower right is NCSA.EDU (in all caps).
  • Type your NCSA Kerberos password in the Password field and hit Enter on your keyboard. The password won't be echoed back to you.
  • You should now see a ticket appear in the main window.
  • Now you can close the Credentials Manager. Your ticket is stored on disk, so you don't need to leave the manager running.
  • The Kerberos ticket is good for 25 hours. After that time, you need to run the Credentials Manager again to get a new one.
To connect to an NCSA system, use the new telnet command:

  • Click the Start button, select Programs, then select Kerberos 5, then launch the telnet application.
  • Enter the name of the host to conect to and click on OK.
  • You should now be connected to the host without typing your password.

Time Synchronization

In order for Kerberos authentication to work, your machine and the Kerberos servers time need to be within 5 minutes of each other. If they are too far off you may see a message like the following:

Kclient32: clock skew too great in KDC reply getting Kerberos credentials

Here are a couple ways to set the clock within the allowed limit:

  1. When Kerberos was installed on your machine it also installed a utility called TomiClock. Start the \Program Files\NCSA\Kerberos 5\Tomicloc.exe program and set your system clock to this time.

  2. You can log into an NCSA UNIX system (such as modi4.ncsa.uiuc.edu) using SSH and run the "date" command to get the time and set your system clock to the time.

  • Note: If you are running Windows NT, 2000 or XP, you will need to have administrator privileges in order to set your time, either manually or using TomiClock.

    Troubleshooting

    If you have problems, see the Windows Troubleshooting page. Send email to consult@ncsa.uiuc.edu if you encounter any problems that you cannot solve.

    Back to NCSA Kerberos Information

    Questions or comments about this page may be sent to consult@ncsa.uiuc.edu

    		•

    University of Illinois home page NCSA Home | About NCSA | NCSA Projects | Blue Waters | NCSA News | NCSA User Info
    Contact NCSA | NCSA Intranet | Site Map
    Contact webmaster with questions regarding this page. Last updated October 25, 2006.
    All rights reserved. ©2009 Board of Trustees of the University of Illinois.