AFS & Kerberos
Best Practices Workshop 2006
An Introduction to Kerberos and it's Best Practices
Speaker: Ken Hornstein, Naval Research Labs
June 13, 2006 from 9am to 5pm
available - Userid: afsworkshop Password: kerberos
With its adoption by diverse vendors such as Microsoft, Sun, and Apple,
Kerberos has become the de-facto standard for enterprise authentication.
Sadly, the documentation for Kerberos has never been its strong point.
Many administrators find the lack of "big picture" documentation a
hinderance to the use of Kerberos, and how it interacts with AFS has
always been an endless source of confusion.
The goal of this tutorial is to de-mystify Kerberos, and explain its role
within AFS. While this will not be a hands-on tutorial, participants are
encouraged to ask specific questions related to issues they have with
Kerberos at their site. Topics will include:
- A basic introduction to the Kerberos protocol.
- Site requirements for using Kerberos.
- Understanding the whole encryption type negotiation mess.
- Basic Kerberos administrative operations (Heimdal and MIT will be covered)
- Kerberos's interactions with AFS.
- The differences between the Kerberos supplied with AFS and "third-party"
Kerberos implementations, and migration paths.
- Cross-realm authentication, and how it operates with AFS.
- What "aklog" is, and the role it plays in the authentication process.
- Strategies for making Kerberos authentication as seamless as possible at
Participants who ask questions about gsslog will be pelted with overripe
The day will be 4 90 minute sessions with breaks in the morning and
afternoon, plus a mid-day break for lunch [which will be provided].
Current Attendees are:
- Richard Alexander, CSCS
- Russ Allbery, Stanford University
- Brian Awood, UMich
- Andrew Bacchi, RPI
- Peter Bircher, ETHZ
- Adam Bisaro, UMich
- David Boldt, USGS
- Giovanni Bracco, ENEA
- Richard Brittain, Dartmouth University
- Mark Cross, Duke University
- Pietro D'Angelo, ENEA
- Brian Davidson, George Mason University
- Steve Devine, MSU
- Tracy Di Marco White, Iowa State University
- Michael Dopheide, NCSA
- Jay Elvove, University of Maryland
- John Ferrell, Qualcomm
- Jane Florez
- Chris Fruewirth, University of Notre Dame
- Michael Garrison, UMich
- Heather Goldsby, Michigan State University
- Asanka Herath
- Nick Hinkle-Degroot, UMich
- Eric Holp, Michigan State University
- Adrian Jones
- Bob Kaneshige
- Digant Kasundra, Stanford University
- Ubaidul Khan, GMU
- Robert King, UMich
- Daniel Kouril
- Tom Kula, Iowa State University
- Jay Kusler, MSU
- Andrew Lang, Kansas University
- Gail Lift, UMich
- Will Maier, University of Wisconson
- Terry Maluk, USGS
- Sean O'Malley, Michigan State University
- Robert Petkus, BNL
- Michael Polek
- Jeff Quinn, Michigan State University
- Martin Sager, UMich
- Charles Stuart, UMich
- Serge Torres
- Neil Tweedy, University of Michigan
- Peter van der Reest, DESY
- Joseph Vilas
- Kevin Walsh
- Kris Webb, Teradactyl
- Jason White
- Tony Winkler, UMich