Versions Compared

Old Version 5

changes.mady.by.user Paul B Hill

Saved on

compared with

New Version 6

changes.mady.by.user Paul B Hill

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The MIT Web application you are using requires you to identify yourself via the MIT Touchstone system. You can do this by providing your Kerberos username and password. Typically, it It is also possible to authenticate using existing Kerberos tickets under some circumstances. or an MIT user certificate. Once you have authenticated successfully, you will be able to proceed and enter the requested web site. If you don't have an MIT Kerberos account, see What if I don't have a username below.

...

Your access to Touchstone enabled applications shuold last should last only until you quit your browser program. Be sure you have secured sure to secure your identity by quitting your browser before you leave your computer unprotected; otherwise. Otherwise, someone else using your computer after you can impersonate you on the Touchstone systems - both to the sites that you are using as well as to any of the other web sites that accept MIT Touchstone as an authentication authority.

...

On the MIT Touchstone Login page you can identify yourself by one of two three mechanims" methods:

  • By presenting an MIT X.509 certificate. If you have a certificate accessible to your browser, simply click on the "Use Certificate - Go" button.
  • By entering your MIT Kerberos username and password in the username and password fileds and click on the Login button. Use the Tab key or your mouse to put the cursor into the entry fields.
  • By using your existing Kerberos tickets, if your browser is properly configured. This last choice typically only applies to users of the Athena and WIN.MIT.EDU computer systems, and who have also taken additional steps to configure their environment to support this feature.

How do I know if I have an MIT X.509 Certificate, or how do I obtain one?

Certificates are your key to most of the secure web applications at MIT which do not yet use MIT Touchstone. Such systems currently include Benefits, Request Tracker, SAPweb, and WebSIS. Certificates are the preferred way to access MIT web servers and applications. The link at the star of this paragraph will take you to the IS&T page that provides lots of information about certificates, including how to obtain one.

How do I know if I have an MIT Kerberos username and password?

Many MIT computer-based systems and services share the same username/password authentication service, Kerberos. This means a user has to keep track of only one username and password -- the user's MIT Kerberos username and password -- for many systems. If you have an email account at MIT that has an address that has the form <username>@mit.edu, then you have an MIT Kerberos username, and most likely know its password.  Creating and Using Your MIT Kerberos Identity has much more information establishing your Kerberos identity at MIT and the system where you may use it.

...

Although we just mentioned Kerberos as it relates to your username and password at MIT, Kerberos is also a computer network protocol. Online services that are protected by Kerberos will ask to see your Kerberos "ticket" before they will let you in. At MIT there are many native applications (as opposed to in contrast to web applications) which use the Kerberos protocol for authentication. Some of these include the native clients for SAP, TechTime, COEUS, and Jabber. In particular you obtain Kerberos tickets when you log into an Athena workstation or a machine in the WIN.MIT.EDU Domain.   

Users of Athena and WIN.MIT.EDU may find the use of Kerberos tickets in conjunction with MIT Touchstone enabled applications particularly attractive. By using this feature you will have already performed the necessary authentication when you logged into the workstation. If your browser is configured correctly, and you have set a preference to use this feature, each time you attempt to access a Touchstone enabled application you will quickly be granted access without being prompted for any additional information.

...

Missing or Incorrect username and/or Password: To authenticate to MIT Web LoginTouchstone, you must provide both your username and its password. If you have forgotten your username or password or need other assistance with them, please contact Athena User Accounts.

You must enable cookies on your web browser: The MIT Web Login MIT Touchstone system requires that your web browser accept "cookies", small files that web servers send to your computer. Cookies have many purposes, some of them of questionable value to you. However, MIT Web Login MIT Touchstone uses them for security and verification. Having a cookie for an MIT Web Login MIT Touchstone web site identifies you to the site and allows you to continue from one page of the site to another without having to login each time. You can usually enable cookies in the Settings or Preferences panels of your browser program.

You took too long to login: You must enter your username and password within 2 within 5 minutes of the MIT Web Login MIT Touchstone login screen appearing . If you don't, you will get this error message. You in your browser window. After that time has elapsed, you must re-initiate the request for the web page or service you want - that may mean to access by re-entering the URL in the address bar or by returning to the page with the link to this service. Backing up original site which first asked you to authenticate. Reloading or returning to the MIT Web Login Touchstone login page and trying again will not work.