The Active Directory of the D.ETHZ.CH domain provides the Kerberos service for ETH. Kerberos can be used just to verify authentication but also to access NFS4 (and CIFS) shares on Linux systems.

Kerberos uses tickets with a limited life time that can be used instead of a password for authentication. To get a ticket an ETH user name and the ETH password for email is needed.

Kerberos works best if only ETH user name names are used, also for local users.


Configuring Kerberos on a Linux system can be simple or extensive, depending on what is needed:

Obtaining Tickets

A local user can use the kinit, klist and kdestroy utilities once the minimal configuration is done.

To get a ticket run


To list your ticket(s) run:


To destroy your ticket run:


For security reasons it is good practice to destroy tickets when not needed anymore, expecially on multi-user systems.

Page URL:
© 2024 Eidgenössische Technische Hochschule Zürich