7-009
Experience with Kerberos Strong Authentication at Fermilab
Matt Crawford, Irwin Gaines

Fermilab is in the process of implementing a policy requiring strong authentication using Kerberos to use lab computing resources. While the primary motivation for this policy is to prevent disclosure of passwords on the internet (the major source of security incidents at the lab in recent years), the policy also provides single sign-on across multiple lab computers and much more convenient account management.

We will discuss the technical details of the implementation of this policy, its effect on both local and remote users, and our current status. The CDF and D0 experiments were brought fully into the strengthened realm before the start of Run 2 in early 2001. Other lab computers and users are gradually entering the strengthened realm, with the intention of completing the transition by the end of 2001. A particular challenge is cross-authentication between UNIX systems (using MIT Kerberos) and Windows systems (using Microsoft authentication).


Keywords: security, Kerberos
Contact: Dr. Irwin Gaines
Fermilab
gaines@fnal.gov