Getting things ready


  1. Log onto conviction.CS and run /usr/kerberos/bin/register. This will prompt you for your Unix password and then ask for a Kerberos password.
    If you can't log onto any of those machines, please send a message to kerberos-questions@eecs and someone will contact you to assist in setting up your Kerberos password.

    If you logged into one of the above machines across the network, be *sure* to change your Kerberos password as soon as possible, using kinit and kpasswd.

  2. Once you've got a Kerberos password, make sure /etc/krb.srvtab exists on your workstation. If it doesn't, send a message to kerberos-questions@eecs asking that the proper Kerberos files be installed on your machine.
  3. Make sure /usr/kerberos/bin is somewhere near the front of your $path variable (or at least ahead of /usr/bin and /usr/ucb) to ensure that you are running the Kerberized rlogin/rsh/rcp/telnet.
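
The checks in steps 2 and 3 can be scripted. The following is an added example, not part of the original guide: the paths are the ones named above, the function names are hypothetical, and the script reads the colon-separated PATH environment variable, which csh keeps in sync with $path.

```shell
#!/bin/sh
# Added example: checks for steps 2 and 3 above. Paths are the ones the page
# names; the function names are hypothetical.
KRB_DIR=/usr/kerberos/bin
SHADOWED="/usr/bin /usr/ucb"

# path_index DIR PATHSTRING: print the 1-based position of DIR, or 0 if absent.
# The body runs in a subshell so the IFS and globbing changes do not leak.
path_index() (
    i=0 found=0
    IFS=:
    set -f                      # no globbing while splitting on ':'
    for entry in $2; do
        i=$((i + 1))
        # Treat /usr/bin/ and /usr/bin as the same directory; keep first match.
        if [ "$found" -eq 0 ] && [ "${entry%/}" = "$1" ]; then found=$i; fi
    done
    echo "$found"
)

# check_path_order PATHSTRING: succeed only if KRB_DIR is present and precedes
# every directory that holds the non-Kerberized rlogin/rsh/rcp/telnet.
check_path_order() {
    krb=$(path_index "$KRB_DIR" "$1")
    if [ "$krb" -eq 0 ]; then
        echo "missing: $KRB_DIR is not in the path"
        return 1
    fi
    for d in $SHADOWED; do
        pos=$(path_index "$d" "$1")
        if [ "$pos" -ne 0 ] && [ "$pos" -lt "$krb" ]; then
            echo "shadowed: $d comes before $KRB_DIR"
            return 1
        fi
    done
    echo "ok"
}

# Report on this workstation and show which binary each command resolves to.
[ -f /etc/krb.srvtab ] || echo "step 2: /etc/krb.srvtab is missing"
check_path_order "$PATH" || echo "step 3: fix the path before using rlogin/rsh/rcp/telnet"
for cmd in rlogin rsh rcp telnet; do
    echo "$cmd -> $(command -v "$cmd" || echo 'not found')"
done
```

A command that resolves outside /usr/kerberos/bin is the non-Kerberized version, which still honors .rhosts and does not use your ticket.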

Using Kerberos

  1. Kerberos tickets only last for 9 hours, so when you sit down at your workstation each morning, run the kinit program. This program prompts for your Kerberos password, then sets up a Kerberos ticket for you. You can confirm that you have a current ticket with the klist program.
  2. At this point, the Kerberized rlogin, rsh and rcp will ignore any .rhosts file and use the Kerberos ticket, and 'telnet -a' will do an automatic, authenticated login on any other Kerberos-ready systems to which you have access.
    Even using Kerberos, you may sometimes need to type your password across the net (running 'su' or 'ftp' on a remote machine, for example). If this is the case, you should make sure you've started telnet or rlogin with the -x flag, which encrypts all traffic between your workstation and the remote machine.

Need more details?

/usr/sww/doc/kerberos/krb-admin contains a more detailed system administration
guide, and /usr/sww/doc/kerberos/krb-users contains more detailed information
for users.