Skip to main content

Search this Site

DartPulse Alerts

Java Upgrade

Windows XP Alert

Chrome Printing Issues

 

DartPulse Outages

Overall System Status:

Upcoming Scheduled Outages

New to Dartmouth?

Resources for:

Information Security

Connect with Computing

facebook twitter Wordpress Blog

Web Authentication

Web Authentication (WebAuth) is a system designed to streamline the authentication process for any of Dartmouth's web-based systems, to make the process of logging into web-based systems more secure, and to provide support for additional operating systems.

Also see:

For more information on the Web Authentication system, please contact the IT Service Desk (Help Desk) at 646-2999 and select from the options provided, send e-mail to help@dartmouth.edu, or call your department's IT support office.

Streamlined Authentication

Once a web-based system that requires authentication is upgraded to use the new WebAuth system, many users will no longer be prompted to log in to that system. This is because the first thing the WebAuth system does is to automatically look for a valid PKI certificate pair. If it exists, and if the private certificate is for someone who is supposed to have access to the system, they will automatically be let in.

If a valid PKI certificate pair does not exist on the computer, then the WebAuth system will look for a Kerberos ticket. If there is already a valid Kerberos ticket, and if the ticket is from someone who is supposed to have access to the system, they will automatically be let in. (Note: WebAuth will not prompt for a Kerberos ticket like SideCar currently does. The Kerberos ticket needs to be obtained prior to accessing the authenticated Web site if Kerberos is going to be used.)

If there is not a valid PKI certificate pair, and if there is not a valid Kerberos ticket, the user will be prompted for their DND user name and password. If the information they enter is for someone who is supposed to have access to the system, they will be let in.

After authenticating to one system — either via PKI, Kerberos, or the DND — any other web-based system the user tries to access that also uses the WebAuth system will automatically use the same credentials to determine whether the user has access to the system. In other words, you will not be prompted to enter your user name and password again, unless you have logged out of all the systems that use WebAuth.

Top of page

Secure Access

Currently, there are different interfaces to every web-based system. Many people have gotten into the habit of entering their user name and password whenever they are prompted to enter it.

There are currently web-based systems at Dartmouth that are created and maintained by people other than Computing Services. Computing Services cannot guarantee that the user name and password a user enters to access one of those systems is not being captured and used to allow other people access to an account.

The goal is to have all official systems use the new WebAuth system, so that members of the Dartmouth community will know they should only enter their PKI certificate credentials (see Using PKI Secure Certificates at Dartmouth: Macintosh, Windows) or their user name and password into the WebAuth system window. If they are prompted to enter their login credentials on a different screen, they should find out where that information is going to go before proceeding.

Top of page

Supported Systems

Another benefit of the new WebAuth system is the addition of support for any operating system that uses a standard browser, such as Firefox, Internet Explorer, Safari, or Opera (Note: WebAuth has not been tested with Google's new browser, Chrome).

WebAuth will allow users of Linux and Intel-based Macintosh computers — systems not supported by SideCar — to authenticate to applications.

Additional software does not need to be installed on a computer in order to use WebAuth.

Top of page

Applications Currently Using WebAuth

For information on whether a particular application at Dartmouth will support WebAuth, please contact the IT Service Desk (Help Desk) at 646-2999 and select from the options provided, send e-mail to help@dartmouth.edu, or call your department's IT support office.

Top of page

WebAuth Help

The WebAuth systems first looks for a valid PKI certificate (either on the local hard drive or on an eToken), then looks for a valid Kerberos ticket. If it finds neither of these, it will prompt you for a valid DND user name and password.

Remember that to use Kerberos, you must already have a Kerberos ticket on your machine. To obtain a Kerberos ticket on Mac OS X, open the Kerberos application in your /Applications/Utilities folder. On Windows, right-click on the blue lock in your system tray in the lower right-hand corner.

Note: Kerberos will not work on Macintosh computers with an Intel processor (most machines built after June 2006).

Additionally, make sure you have a valid network connection, and that the web browser you are using is configured to accept cookies.

Help by Affiliation

The WebAuth system supports accounts for several different types of users. If you are having trouble logging in, follow the directions in the section below for your account type.

Dartmouth College Faculty, Staff, and Students

If you have forgotten your eToken or DND password, please contact the IT Service Desk (Help Desk) at 646-2999 and select from the options provided, send e-mail to help@dartmouth.edu, or call your department's IT support office.

Dartmouth Alumni

If you have never accessed an Alumni system, you will need to register to create your account.

If you already have an account, but have forgotten your password, you can re-register to choose a new password.

Dartmouth-Hitchcock Medical Center Staff

The DHMC Computer User Support pages contain help and contact information for account problems.

Dartmouth College Library Users

The Library Account Login page contains help and information.

For answers to specific questions:

Top of page

Last Updated: 10/26/12