On This Page
Kerberos is a ticket-based authentication system. At UCSC, Kerberos is used for UNIX server authentication, and is required for servers where the AFS client is installed.
- Automatic account provisioning and de-provisioning through the central campus Identity Management (IDM) system
- Password synchronization to the CruzID Blue password
- Physical Security — The Kerberos service runs on servers located in the UCSC and SDSC Data Centers
- Reliability and Availability — The Kerberos servers are maintained on redundant hardware across two physical locations
This is a 24x7 service supported by the Data Center Operations UNIX team. Escalation is provided through Data Center Operations and the UNIX on-call rotation.
Kerberos is appropriate for confidential and most types of restricted data (as defined here).
Kerberos is available without having to make a special request. Configuration information is provided in the “Information for IT Providers” section below.”
Kerberos is provided free of charge.
Kerberos is available to and automatically provisioned for all UCSC students, faculty and staff.
Kerberos configuration requirements specific to UCSC is available here.
This document contains the required firewall rules, time-synchronization considerations, and model krb5.conf files for setting up a server to use Kerberos for authentication.