EZ-Remote and Kerberos
If you use Bear Access via a phone line, your Kerberos ticket contains information about the network address of the modem to which you have connected when you dial in to campus. This bit of information forms part of the Kerberos security mechanism and remains valid as long as you remain connected (up to 8 hours). You may check mail as many times as you like and may use other Kerberized services during your session as long as you maintain the modem connection.
If you do break your phone connection, or your call is interrupted, your computer has no way to automatically tell Kerberos that the ticket is no longer valid and should be forgotten. Therefore, if you try to check your mail after dialing in to re-establish a connection, Kerberos will produce an error message because the network address of the modem to which you connect on the second time will not match the one you had on the first connection. This aspect of Kerberos provides good security, but the error message can be annoying.
To avoid error messages related to outdated tickets, clear your ticket using one of the methods listed above. If Kerberized services do not have a ticket when they need one, you get a chance to enter your password to obtain a new ticket. If Kerberized services have an outdated ticket, you get an error message instead. Whenever you dial in to campus and use a Kerberized service, you should clear your ticket before disconnecting. Alternatively, if you later dial in again, be sure to clear your ticket as soon as you connect the second time.
EZ-Remote home page
Kerberos and SideCar at Cornell home page