Overall System Status:
Web Authentication (WebAuth) is a system designed to streamline the authentication process for any of Dartmouth's web-based systems, to make the process of logging into web-based systems more secure, and to provide support for additional operating systems.
For more information on the Web Authentication system, please contact the IT Service Desk (Help Desk) at 646-2999 and select from the options provided, send e-mail to firstname.lastname@example.org, or call your department's IT support office.
Once a web-based system that requires authentication is upgraded to use the new WebAuth system, many users will no longer be prompted to log in to that system. This is because the first thing the WebAuth system does is to automatically look for a valid PKI certificate pair. If it exists, and if the private certificate is for someone who is supposed to have access to the system, they will automatically be let in.
If a valid PKI certificate pair does not exist on the computer, then the WebAuth system will look for a Kerberos ticket. If there is already a valid Kerberos ticket, and if the ticket is from someone who is supposed to have access to the system, they will automatically be let in. (Note: WebAuth will not prompt for a Kerberos ticket like SideCar currently does. The Kerberos ticket needs to be obtained prior to accessing the authenticated Web site if Kerberos is going to be used.)
If there is not a valid PKI certificate pair, and if there is not a valid Kerberos ticket, the user will be prompted for their DND user name and password. If the information they enter is for someone who is supposed to have access to the system, they will be let in.
After authenticating to one system — either via PKI, Kerberos, or the DND — any other web-based system the user tries to access that also uses the WebAuth system will automatically use the same credentials to determine whether the user has access to the system. In other words, you will not be prompted to enter your user name and password again, unless you have logged out of all the systems that use WebAuth.
Currently, there are different interfaces to every web-based system. Many people have gotten into the habit of entering their user name and password whenever they are prompted to enter it.
There are currently web-based systems at Dartmouth that are created and maintained by people other than Computing Services. Computing Services cannot guarantee that the user name and password a user enters to access one of those systems is not being captured and used to allow other people access to an account.
The goal is to have all official systems use the new WebAuth system, so that members of the Dartmouth community will know they should only enter their PKI certificate credentials (see Using PKI Secure Certificates at Dartmouth: Macintosh, Windows) or their user name and password into the WebAuth system window. If they are prompted to enter their login credentials on a different screen, they should find out where that information is going to go before proceeding.
Another benefit of the new WebAuth system is the addition of support for any operating system that uses a standard browser, such as Firefox, Internet Explorer, Safari, or Opera (Note: WebAuth has not been tested with Google's new browser, Chrome).
WebAuth will allow users of Linux and Intel-based Macintosh computers — systems not supported by SideCar — to authenticate to applications.
Additional software does not need to be installed on a computer in order to use WebAuth.
For information on whether a particular application at Dartmouth will support WebAuth, please contact the IT Service Desk (Help Desk) at 646-2999 and select from the options provided, send e-mail to email@example.com, or call your department's IT support office.
The WebAuth systems first looks for a valid PKI certificate (either on the local hard drive or on an eToken), then looks for a valid Kerberos ticket. If it finds neither of these, it will prompt you for a valid DND user name and password.
Remember that to use Kerberos, you must already have a Kerberos ticket on your machine. To obtain a Kerberos ticket on Mac OS X, open the Kerberos application in your /Applications/Utilities folder. On Windows, right-click on the blue lock in your system tray in the lower right-hand corner.
Note: Kerberos will not work on Macintosh computers with an Intel processor (most machines built after June 2006).
Additionally, make sure you have a valid network connection, and that the web browser you are using is configured to accept cookies.
The WebAuth system supports accounts for several different types of users. If you are having trouble logging in, follow the directions in the section below for your account type.
If you have forgotten your eToken or DND password, please contact the IT Service Desk (Help Desk) at 646-2999 and select from the options provided, send e-mail to firstname.lastname@example.org, or call your department's IT support office.
If you have never accessed an Alumni system, you will need to register to create your account.
If you already have an account, but have forgotten your password, you can re-register to choose a new password.
The DHMC Computer User Support pages contain help and contact information for account problems.
The Library Account Login page contains help and information.
Last Updated: 10/26/12