How can I use Kerberos to read my email?What is Kerberos?Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. The Kerberos protocol uses strong cryptography so that a client can prove its identity to a server (and vice versa) across an insecure network connection. After a client and server has used Kerberos to prove their identity, they can also encrypt all of their communications to assure privacy and data integrity as they go about their business. SEAS mailservers support kerberos authentication for pop, pops, imap, imaps, and smtp. What does Kerberos have to do with my email client?When you are setting up your email client, you to configure your server security settings. The two main secure options are: (1) the Secure Sockets Layer (SSL) protocol or (2) the Kerberos protocol. However, not all clients work with Kerberos, only Eudora, AppleMail, as well as telnet clients (Host Explorer and Data Comet). Instructions on how to configure Kerberos in Eudora (Windows and Macintosh), AppleMail, Host Explorer (Windows), and Data Comet (Macintosh) are below. To find out how to configure your email client to use SSL instead, see the CETS email config page. Using Kerberos with Eudora 6.1.1 Win
Download linksDownload Eudora (Win, Mac), Host Explorer or DataComet as well as Kerberos software for Win and Mac available from Penn Computing.
Using Kerberos with Eudora 6.1.1 (Win, Mac)Windows - If you are installing Eudora for the first time, you can run the EudUpdat2.bat to configure all your email settings. 1. The first step is to ensure Kerberos client software (Leash32) is installed on your computer. In addition, you may need to make changes if you are behind a firewall that uses Network Address Translation (NAT). Please click here for more information. 2. Start Eudora 6.1.1 for Windows. 3. From the Tools menu, select Options... The Options window displays. 4. In the left panel of the Options window, scroll down and select the "Kerberos" icon to display the Kerberos Options window.
5. Click the "On" radio button beside the Kerberos Authentication: field only. Caution: Do not enter or change information in any of the other fields in this Options window. 6. Click OK. You have successfully configured Eudora 6.1.1 for Kerberos (PennKey) authentication. 1. Ensure Kerberos client software (Kerberos for Macintosh 4.x) is installed on your computer. In addition, you may need to make changes if you are behind a firewall that uses Network Address Translation (NAT). Please click here for more information. 2. Launch Eudora 6.1.1. 3. From the Special menu, select Settings. 4. In the left panel, scroll down and select the "Kerberos" icon to display the settings for this option.
5. Under Personality, check only "Use Kerberos" and "Use Kerberos V/GSSAPI for POP3." Caution: Do not enter or change information in any of the other fields in this Settings window. 6. Click OK at the bottom of the window. Eudora 6.1.1 for Macintosh is now Kerberos enabled.
Using Kerberos with AppleMail1. Ensure Kerberos client software (Kerberos for Macintosh 4.x) is installed on your computer. In addition, you may need to make changes if you are behind a firewall that uses Network Address Translation (NAT). Please click here for more information. 2. Launch Apple Mail. 3. Click on the Mail menu and choose Preferences. 4. Click the Accounts Icon. 5. Click on the Advanced tab. Select Kerberos Version 5 (GSSAPI) from the Authentication drop down menu. 6. Save your settings. Apple Mail is now Kerberos enabled.
Using Kerberos with text-based email clients (Mutt)You can use a kerberized telnet client to connect to Eniac. To use kerberos authentication, you first need to obtain and install the kerberos ticket manager software (Kerberos for Macintosh 4.x, or Leash32 2.x for Windows). In addition, you may need to make changes if you are behind a firewall that uses Network Address Translation (NAT). Please click here for more information. Once configured to use a Ticket Manager, you will be able to configure dataComet Secure for the Mac or HostExplorer for Windows to read your email using kerberized telnet. How to Configure a New Kerberos-enabled Telnet Profile - WINDOWS Instructions 1. To display the HostExplorer Open Session window, click Start > select Programs > select Hummingbird Connectivity V9.0 > select HostExplorer > select Telnet.
2. To create a new profile, click the Hummingbird icon, which is the middle icon located in the upper-right corner of the Open Session window. The New Profile window displays.
3. In the Profile Name: field, type the name of the Telnet destination (for example, type seas.upenn.edu), and then retype the name in the Host Name: field at the bottom of the window. Click OK to return to the Open Session window.
4. In the Open Session window, under the Profile Name column, highlight the Telnet site that you just created, and then right-click your mouse to select Properties from the drop-down menu. The Session Profile window appears.
5. Under the Categories: column, click the plus symbol (+) beside the Security option to expand it. From the expanded Security menu, select the General tab to display its contents.
6. On the General tab, select the Kerberos radio button, but do not click OK yet. Note: In order to select the Kerberos option you must have already installed Leash32 2.6.x on your machine. If you have not installed Leash, quit HostExplorer, install Leash, and then return to HostExplorer.
7. Click the Kerberos tab at the top of the Session Profile window to display its contents. In the Kerberos tab window, check the Authentication and Encryption boxes. Then, change the Kerberos Client drop down box to "MIT Kerberos".
8. You can now click OK to save your Kerberos configuration. How to Configure a Kerberos-enabled Telnet Profile - MACINTOSH Instructions 1. Launch dataComet Secure. 2. From the File menu, select "New" > "Terminal Session" 3. In the displayed window, type your Telnet destination in both the "Window name:" field and in the "Connect to:" field, which appears at the bottom of the window (for example, type eniac.seas.upenn.edu). 4. Click the "Telnet" radio button, and then click the "Configure..." button.
5. In the next displayed window, check the "Authentication" and the "Encryption" boxes, and then click "OK."
6. Click "OK" again to open your Telnet session. 7. Once you are connected to the Telnet destination, from the File menu, select "Save Configuration." 8. When the Sessions window appears, choose the directory in which to save the current Telnet configuration, and then click "Save." 9. To log into your Telnet session, select "Sessions" from the File menu, then select the desired profile. |
