How do I know if it is safe to give a web site my password?
You should be at least as careful with your Kerberos
password as you would be with your credit card number. You
should never give your password to any site that is not
using SSL encryption ( look for the 'https' in the url and
a lock icon in your browser ). You should absolutely never
give your password to any web server that is not at
umich.edu. Web sites that rely on weblogin.umich.edu for
authentication will never ask you for your Kerberos
password; this means you need only give your password to
weblogin.umich.edu once ( at the beginning of your session
). If you suspect a web server is asking for passwords
that should not be, please let us know immediately.
When I login I get 4 error screens that say "Your browser has been redirected ..." what does this mean?
You are using Netscape version 4.x. These redirects are
perfectly normal ( in fact, they are necessary for the
proper functioning of weblogin ), but your very old version
of Netscape does not handle them properly. You may safely
ignore these error screens ( there is no way to disable
them ) or, better yet, upgrade to a current,
standards-compliant web browser.
I went to a web site ( directory.umich.edu, mail.umich.edu, etc. ) and it just let me in without asking for a password. What is going on? Is there a security problem?
This means that you had already begun a weblogin session by
visiting weblogin.umich.edu ( possibly to use some other
protected service? ). Once you have authenticated to
weblogin.umich.edu you have access to many protected web
services ( visit https://weblogin.umich.edu/ again to
see a list of some of them ). Just be sure to logout when you are finished.
weblogin.umich.edu and protected sites all require that I
accept a cookie to use them. Isn't this a privacy
No. These sites use only session cookies ( cookies that go
away when you quit your browser ) and are returned only to
the protected services you are using. These services need
to be able to tell who you are in order to, for example,
show you your own e-mail or give you access to your own
files. Just be sure to logout when
you are finished and quit your browser if you want to make
sure the cookies are gone.