User Information Home
Compute Resources
Software
Data
Security
Allocations
Consulting
Training
Strategic Applications Program

NCSA Kerberos Frequently Asked Questions (FAQ)

Questions

1. How do I get a Kerberos Account at NCSA?
2. When I run kinit it gets my Kerberos username wrong.
3. I'm using the Kerberos ftp client and I'm still getting prompted for my username. What's up with that?
4. How do I encrypt my data with Kerberos ftp?
5. I had to restore my hard drive and now I can't connect to my machine with Kerberos
6. I have accounts in two Kerberos realms. How can I get credentials for both?

Other sources of information

• NCSA Kerberos Windows Troubleshooting
• NCSA Kerberos Unix Troubleshooting
• Ken Hornstein's Kerberos FAQ.

How do I get a Kerberos Account at NCSA?

Easy, if you are an NCSA user, then you have a NCSA Kerberos account. The password to your Kerberos account is the same as your AFS password, which is what you use for checking email via POP and logging into NCSA's public systems (i.e.. public-linux and public-sun).

If you don't know what the password is try your default password (this is the one that came on the form that was mailed to you when you first got your account at NCSA).

If that doesn't work, you can email help@ncsa.uiuc.edu and they can reset your Kerberos password to your default password.

If you have any questions please contact kerberos@ncsa.uiuc.edu.

When I run kinit it gets my Kebreros username wrong.

kinit does it's best to figure out what your Kerberos username is, but sometimes won't be able to get it right. Typically this will be on a machine where your local username is not the same as your NCSA username.

If, for any reason, kinit is not getting your Kerberos username correct you can specify when you run kinit, for example if your Kerberos username is jdoe, you would specify:

kinit jdoe

I'm using the Kerberos ftp client and I'm still getting prompted for my username. What's up with that?

This is because you might want to log in as another user besides yourself. If you hit return at the username prompt you should find yourself logged in.

If you want to avoid this extra bit of input simply create a .netrc file on the machine you are connectiong from. And in that file put a line like the following:

 
machine mss.ncsa.uiuc.edu login myname 

Now when you ftp into the machine mss.ncsa.uiuc.edu the ftp client will automaticaly use the username myname and you won't be prompted.

How do I encrypt my data with Kerberos ftp?

Issue the private command from the ftp> prompt.

 
ftp> private 
200 Protection level set to Private. 

Note that this causes any files you transfer to be encrypted, but not your commands.

I had to restore my hard drive and now I can't connect to my machine with Kerberos

This is probably because the Kerberos keytab, which is stored in /etc/krb5.keytab was wiped out. You need to get a new host key for your host.

I have accounts in two Kerberos realms. How can I get credentials for both?

This is addressed on the Kerberos and Multiple Principals page

---

Back to NCSA Kerberos Information

Questions or comments about this page may be sent to kerberos@ncsa.uiuc.edu