Kerberos is a network authentication protocol designed to provide strong authentication for client/server applications. It was created by the Massachusetts Institute of Technology (MIT). Kerberos for Windows installs Kerberos on your computer and configures it for use on the Stanford network. Stanford services that require Kerberos authentication include Stanford OpenAFS.
Network Identity Manager (NIM) is the name of the user interface that manages your Kerberos authentication status. Your Kerberos credentials are established by logging into Network Identity Manager with your SUNet ID and corresponding password.
By default, Network Identity Manager automatically starts when log in to Windows.. When Network Identity Manager is running, the NIM icon appears in the notification area at the far right of the taskbar.
Installing Kerberos for Windows
- Download and run the Kerberos for Windows installer.
- At the prompt, click Yes to continue with the installation.
- At the Welcome window, click Next to continue.
- Select the option to accept the terms of the license agreement and then click Next.
- Choose Typical as the setup type and click Next if it is enabled.
- If the Next button in the Setup Type window is disabled, you may need to close one or more running processes. Click Next to allow the Setup Wizard to close them for you.
- Click Install to start the installation.
- Click Finish to close the Setup Wizard.
- For Windows Vista Users Only: Before you can use Kerberos for Windows, you must log off of your Windows user account and then log back on. When the Log-off dialog box appears, click Yes to automatically log off of your Windows user account now or click No to manually log off of your Windows user account later.
Obtaining new credentials (authenticating with Kerberos)
You will need to get Kerberos credentials before you can use applications requiring Kerberos authentication. If you open an application that requires Kerberos authentication and you do not have credentials, the New Credentials window will open automatically.
Tip:The New Credentials window may open behind that application's window. If your application appears to hang when you open it, check behind it see if you are being prompted to log in.
- Click the Network Identity Manager icon in the system tray.
- You will be prompted for your username, realm, and password. Enter the following information and then click OK:
- Username: your SUNet ID
- Realm: stanford.edu
- Password: your SUNet ID password
Managing your Kerberos credentials
The Network Identity Manager menu provides several options to help you manage your Kerberos credentials. To access the menu, right-click the Network Identity Manager icon .
The following commands are available on the Network Identity Manager menu:
- Show Network Identity Manager window
- Displays a status window that shows how much time is left before your credentials expire. Credentials are valid for 1 day and 1 hour (25 hours).
- Obtain new credentials
- Displays the New Credentials window, which allows you to log in to Kerberos.
- Renews your credentials for another 25 hours without you having to enter your password. The maximum renewable time without having to re-enter your password is one week.
- Import Credentials
- Not used at Stanford.
- Destroys your credentials, thereby logging you out of Kerberos. Quitting an authenticated application does not destroy your credentials.
- Set Default
- Displays your network network identities and, if you have multiple network identities, you can select one as the default. When Kerberos for Windows is first installed, your default identity is your sunetid.stanford.edu.
- Change password
- Changes your SUNet ID password. This has the same effect as changing your password using StanfordYou.
- Help Contents
- Displays the Network Identity Manager online help.
- About Network Identity Manager
- Displays the Network Identity Manager version number, which is not the same as the Kerberos for Window version number.
- Closes Network Identity Manager and removes the icon from the notification area. Exiting does not destroy your credentials so you may still be logged in to Kerberos. To restart Network Identity Manager, click the Windows Start menu and navigate to All Programs > Kerberos for Windows > Network Identity Manager.