have developed shell scripts to make it easy to switch between them.
* nelhage has the [krbroot
- command](http://web.mit.edu/nelhage/Public/krbroot), with which you
+ command](https://web.mit.edu/nelhage/Public/krbroot), with which you
use syntax like "krbroot ssh linerva" when you want to use your
root instance for a command. You can also "krbroot shell". adehnert [extended it](https://www.dehnerts.com/gitweb/?p=user/alex/software/my-snippets.git;a=blob;f=krbroot;hb=HEAD) to add a `krbroot screen` subcommand, use `ATHENA_USER`, and support arbitrary principals.
- * quentin and broder wrote [kdo](http://web.mit.edu/snippets/kerberos/kdo),
+ * quentin and broder wrote [kdo](https://web.mit.edu/snippets/kerberos/kdo),
which is similar in spirit to krbroot, but designed for Mac OS
X. It takes advantage of the fact that OS X's Kerberos
implementation is better at handling multiple tickets.
- * geofft has [kpagsh](http://web.mit.edu/geofft/Public/bashrc.kpagsh),
+ * geofft has [kpagsh](https://web.mit.edu/geofft/Public/bashrc.kpagsh),
a way of configuring your .bashrc to prompt you for tickets (null
instance by default) if you start a shell and don't have
tickets. If you want to switch tickets, you start a new shell, and
## Getting them
You need to show up in person to [IS&T User
-Accounts](http://ist.mit.edu/support/accounts) in
-[E17](http://whereis.mit.edu/?go=E17) during business hours with a
+Accounts](https://ist.mit.edu/support/accounts) in
+[E17](https://whereis.mit.edu/?go=E17) during business hours with a
photo ID to obtain new Kerberos identities. For the reasons described
above, being in control of your null instance and sending a zephyr or
authenticated e-mail with it does not mean that you can go ahead and
make changes to your root or extra instance too. While you're there,
be sure to ask for a pts id, if you want to use your tickets with AFS.
+**2024 update: You can just email the service desk. They will ask you to send a picture of a photo ID to verify it's you. I went in person and all they did was open a ticket.**
+
## Upgrading cryptographic strength
You should change your root instance’s password with a command like this, to upgrade your key from critically weak DES encryption algorithm to strong AES encryption:
- kadmin -p andersk/root -q 'cpw -e aes256-cts:normal -e aes128-cts:normal andersk/root'
+ kadmin -p andersk/root -q 'cpw -e aes256-cts:normal,aes128-cts:normal andersk/root'
-(Note: This previously made your password incompatible with a [handful of services](http://debathena.mit.edu/trac/ticket/529) that you should not have been using with your root instance in the first place, but these services have now been fixed.) You can confirm the change with
+(Note: This previously made your password incompatible with a [handful of services](https://debathena.mit.edu/trac/ticket/529) that you should not have been using with your root instance in the first place, but these services have now been fixed.) You can confirm the change with
kadmin -p andersk/root -q 'getprinc andersk/root'
sipb-www / wiki.git / blobdiff