Use New Macintosh and Windows Applications to Change Your MITnet Password Susan Jones Publications Services Computer passwords are like keys: they are a way to control access to machines and the files and programs on them. You may use passwords for e-mail, to connect to local computers and servers, or to gain access to computers over a network. To ensure the security of your passwords, it's important to change them at least twice a year. The start of a new academic year is a good time to change your MITnet password, also known as your Athena, TechMail, MacZephyr, MacDiscuss, or Kerberos password. (It's probably a good time to change other passwords as well, but this article deals only with your MITnet password. Consult your system manager for help with changing other passwords.) For advice on choosing a good password, call x3-5150 for Guidelines for Choosing a Password (RP-7.2), or search on the keyword "password" in TechInfo. Kerberos Passwords To use the Athena system and network-related Macintosh and DOS/Windows applications, you must have a Kerberos username and password. Some Macintosh and DOS/Windows applications at MIT that use Kerberos to authenticate a user's identity are TechMail, TechInfo (provider functions only), MacDiscuss, and MacZephyr. In Greek myth, the three-headed dog Kerberos guarded the gates of Hades. These days, Kerberos is an authentication service developed at MIT for open network environments such as MITnet. Kerberos verifies that you are who you claim to be by matching your username and password, called a Kerberos principal, to a private key encryption. When you start an application, such as TechMail, you must identify your-self by giving your Kerberos principal. The Kerberos service checks to make sure that your name and password match the encrypted key before it gives you access to the service you have requested. The security of the network environment is maintained by never sending unencrypted Kerberos passwords over the network. On the Macintosh, at present, you must receive authentication for each application separately. On the Windows side, a new utility lets you "log on" a single time and receive authentication for the entire Windows suite of MITnet applications. Changing Your Password So how do you change your MITnet password? That depends on the system you use (see bullets below). Be aware that if you work across platforms - say on a Macintosh and Athena - changing your MITnet password on one automatically changes it on the other. * Macintosh users: A new IS-developed program, called kpasswd 1.0, lets you change your MITnet password from your desktop. If you use TechMail, MacZephyr, and/or MacDiscuss, using kpasswd will change your password for all these programs at once. You can get kpasswd 1.0, and the accompanying readme file, via anon- ymous ftp from net-dist.mit.edu. It's in the directory/pub/mac/kpasswd. When you start kpasswd, it asks for your old password, then has you type in your new password twice. The program checks your choice against a dictionary, and does not let you choose a "bad" password. Your new password takes effect immediately. * Athena users: At the athena% prompt, type passwd. You will go through the steps described above for kpasswd. * Windows and DOS users: Some Kerberos utilities - including Leash, which has kpasswd functionality - will be distributed on the LAN WorkPlace 4.1 installation disks. For more information, see "DOS and Windows Support" in TechInfo (Main Menu'Computing' Networking), or call the Network Help Desk at x3-4101 . * Other systems: Talk to your system administrator for advice on passwords. Resources If you forget your Athena or MIT- net password, go to Athena User Accounts, Room 11-124H, and they will help you set up a new one. If you have questions about MITnet or passwords, call the Network Help Desk at x3-4101 . .