AFS & Kerberos Best Practices Workshop 2006

An Introduction to Kerberos and it's Best Practices

Speaker: Ken Hornstein, Naval Research Labs

June 13, 2006 from 9am to 5pm

-------- Slides are available - Userid: afsworkshop Password: kerberos --------

With its adoption by diverse vendors such as Microsoft, Sun, and Apple, Kerberos has become the de-facto standard for enterprise authentication.

Sadly, the documentation for Kerberos has never been its strong point. Many administrators find the lack of "big picture" documentation a hinderance to the use of Kerberos, and how it interacts with AFS has always been an endless source of confusion.

The goal of this tutorial is to de-mystify Kerberos, and explain its role within AFS. While this will not be a hands-on tutorial, participants are encouraged to ask specific questions related to issues they have with Kerberos at their site. Topics will include:

• A basic introduction to the Kerberos protocol.
• Site requirements for using Kerberos.
• Understanding the whole encryption type negotiation mess.
• Basic Kerberos administrative operations (Heimdal and MIT will be covered)
• Kerberos's interactions with AFS.
• The differences between the Kerberos supplied with AFS and "third-party" Kerberos implementations, and migration paths.
• Cross-realm authentication, and how it operates with AFS.
• What "aklog" is, and the role it plays in the authentication process.
• Strategies for making Kerberos authentication as seamless as possible at your site.

Participants who ask questions about gsslog will be pelted with overripe fruit.

The day will be 4 90 minute sessions with breaks in the morning and afternoon, plus a mid-day break for lunch [which will be provided].

Current Attendees are:

1. Richard Alexander, CSCS
2. Russ Allbery, Stanford University
3. Brian Awood, UMich
4. Andrew Bacchi, RPI
5. Peter Bircher, ETHZ
6. Adam Bisaro, UMich
7. David Boldt, USGS
8. Giovanni Bracco, ENEA
9. Richard Brittain, Dartmouth University
10. Mark Cross, Duke University
11. Pietro D'Angelo, ENEA
12. Brian Davidson, George Mason University
13. Steve Devine, MSU
14. Tracy Di Marco White, Iowa State University
15. Michael Dopheide, NCSA
16. Jay Elvove, University of Maryland
17. John Ferrell, Qualcomm
18. Jane Florez
19. Chris Fruewirth, University of Notre Dame
20. Michael Garrison, UMich
21. Heather Goldsby, Michigan State University
22. Asanka Herath
23. Nick Hinkle-Degroot, UMich
24. Eric Holp, Michigan State University
25. Adrian Jones
26. Bob Kaneshige
27. Digant Kasundra, Stanford University
28. Ubaidul Khan, GMU
29. Robert King, UMich
30. Daniel Kouril
31. Tom Kula, Iowa State University
32. Jay Kusler, MSU
33. Andrew Lang, Kansas University
34. Gail Lift, UMich
35. Will Maier, University of Wisconson
36. Terry Maluk, USGS
37. Sean O'Malley, Michigan State University
38. Robert Petkus, BNL
39. Michael Polek
40. Jeff Quinn, Michigan State University
41. Martin Sager, UMich
42. Charles Stuart, UMich
43. Serge Torres
44. Neil Tweedy, University of Michigan
45. Peter van der Reest, DESY
46. Joseph Vilas
47. Kevin Walsh
48. Kris Webb, Teradactyl
49. Jason White
50. Tony Winkler, UMich