An Introduction to Kerberos and it's Best Practices

Intructor: Jeffrey Altman (Secure Endpoints) and Ken Hornstein

Location: Second Floor of Campus Center at NJIT

With its adoption by diverse vendors such as Microsoft, Sun, and Apple, Kerberos has become the de-facto standard for enterprise authentication.

Sadly, the documentation for Kerberos has never been its strong point.  Many administrators find the lack of "big picture" documentation a hindrance to the use of Kerberos, and how it interacts with AFS has always been an endless source of confusion.

The goal of this tutorial is to de-mystify Kerberos, and explain its role within AFS. While this will not be a hands-on tutorial, participants are encouraged to ask specific questions related to issues they have with Kerberos at their site. Topics will include:

• A basic introduction to the Kerberos protocol.
• Site requirements for using Kerberos.
• Understanding the whole encryption type negotiation mess.
• Basic Kerberos administrative operations (Heimdal and MIT will be covered)
• Kerberos's interactions with AFS.
• The differences between the Kerberos supplied with AFS and "third-party" Kerberos implementations, and migration paths.
• Cross-realm authentication, and how it operates with AFS.
• What "aklog" is, and the role it plays in the authentication process.
• Strategies for making Kerberos authentication as seamless as possible at your site.

The day will be four 90 minute sessions with breaks in the morning and afternoon, plus a mid-day break for lunch.