Home|About IS&T|Contact Us|For IS&T Staff

Search Advanced Search

 

On this page:
Overview
Kerberos
Establish Your Kerberos Identity
Kerberos Identity Uses

Overview

Computer-based systems often require that each user has a unique username and a secure password to access those systems. Many MIT computer-based systems and services share the same username/password authentication service, Kerberos. This means a user has to keep track of only one username and password -- the user's MIT Kerberos username and password -- for many systems.

Kerberos

Many network-based computer login schemes send your password across the network to the host computer to confirm your identity. Although good systems send the password in an encrypted form (e.g., via SSL), a number of computer systems actually send the password over the network "in the clear" (unencrypted), making your account vulnerable to "packet sniffers" (people illegally monitoring information passing over the network, particularly username/password pairs).

Kerberos authentication bypasses both of these methods: when you enter your Kerberos username and password at a login prompt, the password is never actually sent across the network at all. Instead, it is converted into a specially coded format and in that form compared with a special time-stamped code string sent from the Kerberos authentication server. Your password isn't sent anywhere, yet your identity is confirmed.

MIT has an open networking environment (for instance, we aren't behind a firewall), therefore, it is especially important to have secure authentication systems. Kerberos is the backbone authentication system for MIT's core computer systems.

Establish Your Kerberos Identity

All MIT community members (students, faculty, staff) are entitled to have an MIT Kerberos identity (primary username/password). To activate this identity you must register. See How to Activate an Athena Account for instructions on registering.

When you register, you supply your MIT ID number, your real name, and (if you are a new student) a set of six "magic words". Then you can specify:

• A unique username for yourself that is 8 characters or shorter (this is permanent and can't be changed).
• An initial password for your identity (you can change this at any time).

The act of registering also creates an account for you on the Athena system (including 1.5 GB of file space).

Since establishing a Kerberos identity implies that you will be using networked computer services at MIT, registering for your Kerberos identity requires that you agree to abide by the MITnet Rules of Use. There are usually also additional rules for each of the computer systems or facilities that your Kerberos identity gives you access to (for example, since you are also given an Athena account when you register, you should see the Rules for Athena Facilities).

Kerberos Identity Uses

Your MIT Kerberos identity gives you access to a variety of systems and facilities on campus and on MITnet, some of which are listed below. These systems and services are primarily for current students, faculty, and staff of the MIT community. If you are a new student who has not yet started your first semester, certain MIT web sites and online systems are considered essential to your matriculation. For more details, see the pages: The First Year at MIT and Housing at MIT.

Typical User	System/Facility	Summary	Features	More Info	Who Provides Support
Everyone	Email	MIT's central email services	With an MIT Kerberos identity: You can use MIT's mail servers to send email. Others can send email to you at an @mit.edu email address. You can have incoming mail redirected to another email account (e.g., an AOL account) temporarily.	Email at MIT	Service Desk (Information Services and Technology)
Students	WebSIS	MIT's online student information system	WebSIS, the web interface to the MITSIS student information system, includes: Course pre-registration. Online access to your financial and academic record.	WebSIS	MITSIS Support (Student Services)
Everyone, especially students and web publishers	Athena	MIT's campus-wide UNIX-based academic computing facility.	In addition to ample filespace (1.5 GB by default), you can use Athena to: Do class work Communicate with other students and faculty online. Explore the Internet. Publish your own web pages. Make use of many other features and applications (e.g., third-party software).	Athena	Athena Consulting (Information Services and Technology)
Students (housing lottery is for pre-frosh)	Lotteries	Some of the electronically-run campus "lotteries" (Housing, Phys.Ed.)	Some of the electronically-run campus "lotteries" (Housing, Phys.Ed.)	Housing Lottery Phys Ed Lottery
Everyone	Web Certificate-based services	A wealth of "web-certificate"-based online services	Among the web services that require you to have an MIT Web Certificate to take advantage of the service are: Educational discounts for computer purchases (offered electronically through vendor partners with MIT). Access to MIT-only web pages. Ability to download MIT licensed software (coordinated by Information Services and Technology Software Release team and other groups).	MIT Electronic Catalogs (ECAT) MIT Software Download	Service Desk (Information Services and Technology) Software Release Team (Information Services and Technology)
Sloan Students	Sloan Systems	A variety of Sloan web pages and facilities (Sloan students only)	With a Kerberos identity, Sloan MBA students can access: Sloan web portal. Sloan's NT lab.		(Sloan Information Technology)
Graduate Students	Off-Campus Housing Resources	Access to the database of off-campus housing opportunities (Graduate Students only)	MIT's Office of Off-Campus Housing maintains a database of available housing for graduate students	Off Campus Housing (see also Graduate Living Options)	Off-Campus Housing Service Residential Life Programs Office (RLP)