EHS

Placeholder Dollar-sign ($) Usernames on EHSWEB

This technical note was Last updated by Jim Repa, 5/25/2006.


1. Why do some Kerberos usernames on EHSWEB begin with a dollar sign ($)?

Real Kerberos usernames cannot contain a dolllar sign. The EHSWEB system uses either a real or "placeholder" Kerberos username to identify a person within the system. The EHSWEB system has a table of all people at MIT who can be recorded in the system for various reasons, for example, having completed or uncompleted courses, or having some role within a Room Set or Training Group. This table of people contains the combined set of (a) current MIT employees, (b) current MIT students, and (c) anyone else who has a current Kerberos principal.

Employees or students who have never registered on Athena to get a real Kerberos principal are assigned a fake placeholder Kerberos username on EHSWEB, algorithmically derived from the person's MIT ID number. This placeholder dollar-sign username is used only within the EHSWEB system.

The sets of people within EHSWEB can further be subdivided as follows:

Type of person Did the person register
on Athena to get
a Kerberos principal?
What is stored in the
Kerberos username field
on EHSWEB?
EmployeeYes The person's real
Kerberos principal
EmployeeNo A fake username
starting with a dollar sign
made up on EHSWEB
StudentYes The person's real
Kerberos principal
StudentNo A fake username
starting with a dollar sign
made up on EHSWEB
Neither employee
nor student
Yes The person's real
Kerberos principal
Neither employee
nor student
No Nothing.
You cannot have any records
in EHSWEB if you are a
non-student, non-employee
without a Kerberos principal

2. Can an EHSWEB placeholder (dollar sign) username be used outside of EHSWEB?

No. These fake usernames are not used in SAP or the Warehouse. They are absolutely meaningless anywhere outside of EHSWEB.

A person who does not have a real Kerberos principal, and only has a fake username (beginning with a dollar sign) cannot get a web certificate. Therefore, the person cannot take the TNA, register for courses online, use MIT email, or do anything else online that requires a certificate or Kerberos ticket. A fake dollar-sign doesn't allow you to connect to EHSWEB, and it is useless outside of EHSWEB.

3. If I have an EHSWEB placeholder (dollar sign) username, how do I get rid of it and get a real Kerberos username?

If you have a fake (dollar sign) username, then you are almost certainly either a student or an employee at MIT. That means you are eligible to use the standard Athena registration tools to get a real Kerberos username. As soon as you have a real Kerberos username, your fake username will disappear in EHSWEB records and your new real Kerberos username will appear in its place.

It should take overnight for your new Kerberos username to be recorded in EHSWEB. The system recognizes that your MIT ID number that used to be associated with a fake dollar-sign username is now associated with a real Kerberos name. There is a nightly program that goes through all of the tables on EHSWEB to make this adjustment. (After Phase 3 enhancements go into effect in summer 2006, there will be more tables affected, and the nightly program will have to be enhanced.)

4. Are there any exceptions to the rule that only employees and students have placeholder (dollar sign) usernames?

Rarely. The vast majority of people with fake (dollar sign) usernames on EHSWEB are students or employees who just need to use standard Athena registration tools to register for a real Kerberos username.

There are, however, a couple possibilities that would be an exception to this rule. Please remember that the examples below are extremely rare.

  1. A person's MIT ID number as recorded in HR or Student Systems was not entered, or incorrectly entered, in the Athena Users database (Moira). Then EHSWEB would presume that the person has no Kerberos username and makes up a fake one.

  2. A person is an ex-student or ex-employee who has been in the system who, for some reason, was not archived and removed from the active EHSWEB data. This is probably due to some human error (mistyped MIT ID number or other mis-entered data) in HR, Student Systems, or Athena User Accounts, accompanied by the person leaving MIT and coming back.