• dCal home
• dCal tour
• dCal software
• dCal support
• dPartmental info
• Contact us

Sign in to dCal Web client

Using Kerberos with dCal

Kerberos is a computer network authentication protocol that allows individuals communicating over an insecure network to prove their identity to one another in a secure manner. By authenticating securely with the Duke Kerberos servers and using the GSSAPI option in the Oracle Calendar desktop client, your credentials are not sent to the dCal servers. Instead, the Oracle client checks your local Kerberos credentials and trusts that they are authoritative. This is particularly useful if you are using other applications that also utilize GSSAPI for authentication (SAP/R3, Active Directory, Linux logins, etc.). In addition, once you establish Kerberos credentials with your NetID and correponding password, you do not have to enter them again during your computer session. You will only need to log in once, no matter how many times you open and close the Oracle Calendar desktop client.

If your computer is not already configured to use Kerberos/GSSAPI, install and configure a Kerberos client. For complete instructions, select your operating system from the list below:

• Microsoft Windows
• Apple OS X
• Linux

Warning: If your computer is already configured to use Kerberos, following the instructions below could cause other Kerberos/GSSAPI software to stop working. If you're not sure if you already have Kerberos installed, check with your desktop support staff.

Using Kerberos on Microsoft Windows

The latest Kerberos for Win32 client software is available from the MIT Kerberos Distribution page.

1. Download and start the installer for the latest version of "MIT Kerberos for Windows."
2. In the Installer Language window, select the desired language and click OK.
3. In the MIT Kerberos for Windows Setup window, click Next.
4. In the next window, which displays a License Agreement, click I Agree.
5. In the next window, whcih prompts you to Choose Components, leave the default options of KfW Client and KfW Documentation selected and click Next.
6. In the next window, which prompts you to Choose Install Location, click Next.
7. In the next window, which prompts you to select a Kerberos Configuration, select Download from web path and replace [Obtain a URL from your Kerberos administrator] with the following URL:
   
   http://dcal.duke.edu/support/
    
   Note: If the Use existing configuration option is displayed, the Installer has detected a previous installation of Kerberos on your computer. Continue only if you wish to upgrade your existing version. If you know that your existing configuration works successfully with the Duke Kerberos infrastructure, select Use existing configuration.
8. Click Next.
9. In the next window, which displays Network Identity Manager Setup, leave Autostart the leash ticket manager selected and click Next. Wait while the software installs.
10. In the next window, which displays Completing the MIT Kerberos for Windows Setup Wizard, click Finish.

Your computer is now configured to connect to the Duke Kerberos infrastructure. The MIT Kerberos Network Identity Manager will start every time you start Windows, prompting you to establish Kerberos credentials with your NetID and password.

Using Kerberos on Mac OS X

While Mac OS X already uses MIT Kerberos, it does not include some of the tools that GSSAPI requires. To remedy this, MIT has developed a package of "Kerberos Extras" for Mac OS X.

The latest Mac OS X Kerberos Extras client software is available from the MIT Mac OS X Kerberos Extras page .

1. Download and start the Mac OS X Kerberos Extras installer.
2. In the Authenticate window, type your Mac OS X password and click OK.
3. In the Mac OS X Kerberos Extras window, click Continue.
4. In the License window, click Accept.
5. In the Read Me window, click Continue.
6. In the Mac OS X Kerberos Extras window, Easy Install selected and click Install.
7. In the next window, which states Installation was successful, click Quit.

Store preferences

To configure MIT Kerberos to connect to Duke's Kerberos infrastructure, download the file below and place it in your /Library/Preferences folder:

Your computer is now configured to connect to the Duke Kerberos infrastructure. The first time you start a GSSAPI-compatible application (like Oracle Calendar), an Authenticate to Kerberos window appears, prompting you to establish Kerberos credentials with your NetID and password.