You can check the status of your SUNet ID or reset your password at the Accounts page.
If you know your current SUNet ID password and wish to change it, click on the Manage button, then Change password.
The Internet is abuzz with news of the "Heartbleed" bug that affected the security of the majority of web servers in the world, as well as other computer systems that rely on OpenSSL code.
Kerberos authentication is supported for single sign-on, but it is not possible to use SSH public-key authentication when connecting to Stanford hosts as a matter of policy. Public-key authentication does not integrate well with key elements of Stanford's UNIX infrastructure.
In Windows, Kerberos is called MIT Kerberos.
In the Control Panel, use the Add/Remove Programs tool to uninstall MIT Kerberos. After uninstalling, restart your computer if prompted.
To remove MIT Kerberos for Windows:
For security reasons, a Kerberos-aware ssh client doesn't forward your Kerberos tickets to the remote system. This means that while the remote system knows who you are, you don't have any tickets there to authenticate to other services, including AFS.
The solution is to enable ticket forwarding (ssh calls this delegation) for only those hosts that you trust.
Stanford used to provide a modified version of Kerberos for UNIX systems. These modifications were non-standard, aren't present in the Kerberos programs that come with current operating systems, and are mostly obsolete given the retirement of Kerberos v4.
Open the Network Identity Manager menu and destroy the credential labeled yourSUNetID@stanford.edu.
To log out and destroy your Kerberos tickets:
1) Right-click the NIM icon to open the Network Identity Manager menu.
The NIM icon looks like a cube. You'll find it in your System Tray in the lower right part of your screen .
Kerberos is an authentication service between machines on an open network, and is the heart of Stanford's campus-wide security infrastructure.
Now you can perform most list management functions through your list web site. Go to the Mailman web site at http://www.stanford.edu/services/mailman/ and click the Manage the lists I own link to configure each of your mailing lists.
Stanford's Kerberos 4 realm is IR.STANFORD.EDU (all uppercase). Stanford's Kerberos 5 realm is stanford.edu (all lowercase)The IT Services authentication servers for Stanford's Kerberos 4 realm are:
Any of these servers can be the admin server.
The most common reason for getting timeout errors when running kinit is that the clock on the local UNIX machine is out of sync with the campus clock. Kerberos relies on a fairly consistent time across the network.
To update your clock, run: /usr/pubsw/sbin/ntpdate time.stanford.edu
While working with AFS directories, you may get a message saying that you don't have enough privileges to make the change you are trying to make. Sometimes this is true; you might not have access to someone else's home directory to remove files, for example.
The most common reason you would be unable to view your files in AFS is that your Kerberos credentials have expired.
To see whether you have valid Kerberos credentials:
1) Run tokens.
2) If there are no tokens listed, your old tokens have expired. Obtain new credentials.
To obtain new credentials for AFS and Kerberos: