Kerberos

Kerberos is a ticket-based authentication system.  At UCSC, Kerberos is used for UNIX server authentication, and is required for servers where the AFS client is installed.


Features and Benefits

  • Automatic account provisioning and de-provisioning through the central campus Identity Management (IDM) system
  • Password synchronization to the CruzID Blue password
  • Physical Security — The Kerberos service runs on servers located in the UCSC and SDSC Data Centers
  • Reliability and Availability — The Kerberos servers are maintained on redundant hardware across two physical locations

Availability

This is a 24x7 service supported by the Data Center Operations UNIX team. Escalation is provided through Data Center Operations and the UNIX on-call rotation.

For planned maintenance, the UCSC Data Center follows the ITS Change Management Process, and planned changes are posted on the ITS Maintenance Calendar.


Data Security

Kerberos is appropriate for confidential and most types of restricted data (as defined here).


Eligibility

Kerberos is available without having to make a special request. Configuration information is provided in the “Information for IT Providers” section below.”


Costs

Kerberos is provided free of charge.


Request this Service

Kerberos is available to and automatically provisioned for all UCSC students, faculty and staff.


Get Help


Information for IT Providers

Kerberos configuration requirements specific to UCSC is available here.

This document contains the required firewall rules, time-synchronization considerations, and model krb5.conf files for setting up a server to use Kerberos for authentication.