ACCESS DENIED (!read the rest of the text below!)

Note: Access to these pages is done through Kerberos. Your system and browser must be set up as described below.

Your access to either the Location 1 or Location 2 was denied (401). This can have several reasons:

i. You do not have a valid kerberos ticket
type kinit in a shell to get a ticket, verify with klist that your ticket is valid
ii. Your web browser is not set up for single sign-on
read the relevant documentation, then configure network.negotiate-auth.trusted-uris to .example.com. You do not need to configure delegation.
iii. If you get your TGT after launching the browser
please quit and restart your browser, some do not handle TGT acquired after browser launch.
iv. you are not on the list of users granted access to the pages
email your admin and ask for access, stating

the primary aim of the access control is to make sure that no person who should not access these pages gets in. As such, I use a white-list, meaning you must explicitly be listed to have access.

These pages do not, and will never, ask you to enter your kerberos login/password. You should be wary of any pages that do. Single sign-on means you kinit once a day and never enter your kerberos password after that.

pcfe, 2014-03-12