Access Restrictions
Contents:
Kerberos and SideCar
Restriction by IP Address
Certain Cornell services ask you to enter your NetID and password for access to personal information. Cornell policy requires these services to use security measures such as encryption to protect your password from being stolen on the net.
Authentication
Cornell's main password security system is Kerberos, an extremely secure system that allows services to confirm your password without needing to transmit the password over the net. Many Cornell services, including Eudora mail, COLTS, and Just the Facts, have Kerberos built in. To get Kerberos for your Macintosh or Windows computer without Bear Access, go to the Cornell Kerberos Distribution page.
Some services that do not have Kerberos built in use a helper program to communicate with Kerberos.
- SideCar is a helper program that must be installed and running on your computer before you try to use a service that depends on it. SideCar is included when you download Kerberos at Cornell. You may need to start SideCar manually.
- An alternate helper program called CUWebLogin grants access to restricted web pages when SideCar is not available. CUWebLogin does not need any software installed on your computer, but only works for web-based services. CUWebLogin prompts you for your NetID and password right in your web browser window.
TLS can be used as an alternative to Kerberos for some services. TLS is the newest version of SSL, the protocol that protects credit card transactions on the web. TLS with Eudora is recommended for people who manage several Cornell e-mail addresses (special mailboxes). E-mail programs that can't use Kerberos, such as Microsoft Outlook or Outlook Express, can be set up to use Cornell's e-mail services with TLS; CIT does not support these e-mail programs, but as a courtesy offers instructions for setting up TLS with various Windows mail programs and Apple's Mac OS X Mail.
All services that use Kerberos or TLS require a Cornell NetID and password.
Restriction by IP Address
Some of the online services used by the Cornell community do not originate at Cornell, but are licensed from other companies. These services include many of the Library Gateway's searchable databases, and some distributions of "site-licensed" software on CIT servers. When you try to use these services, you may be denied access if a server cannot tell that you are affiliated with Cornell. To identify people who are covered under Cornell's license, servers typically look at your computer's IP address, which is assigned according to the way you connect to the network.
- You have a Cornell IP address, and so will be granted access to services licensed by Cornell, when you connect on campus using Ethernet or ResNet, or when you dial in to one of Cornell's modem services, EZ-Remote or Express Lane.
- You have an outside IP address, and so will be denied access to services licensed by Cornell, if you connect through some other site's network (for example, while visiting another institution out of town), or if you connect through a non-Cornell Internet Service Provider (ISP) such as LightLink or RoadRunner.
If you are visiting another institution, you may be able to get access through that institution's library to the same library databases you use at Cornell.
