Kerberos

Kerberos is a ticket-based authentication system. At UCSC, Kerberos is used for Unix server authentication, and is required for servers where the AFS client is installed.


Features and Benefits

  • Automatic account provisioning and de-provisioning through the central campus Identity Management (IDM) system
  • Password synchronization to the CruzID Blue password
  • Physical Security — The Kerberos service runs on servers located in the UCSC Data Center and at AWS
  • Reliability and Availability — The Kerberos servers are maintained on redundant hardware across multiple locations

Availability

This is a 24x7 service supported by the DCO Unix team. Escalation is provided through Data Center Operations and the Unix on-call rotation.

For planned maintenance, the UCSC Data Center follows the ITS Change Management Process, and planned changes are posted on the ITS Maintenance Calendar.


Data Security

Kerberos is a system that stores credentials and handles authentication. Passwords (P4 data) are stored in an encrypted format. Data other than passwords cannot be stored in Kerberos.


Eligibility

Kerberos is available without having to make a special request. Configuration information is provided in the “Information for IT Providers” section below.


Costs

Kerberos is provided free of charge.


Request this Service

Kerberos is available to and automatically provisioned for all UCSC students, faculty and staff.


Get Help


Information for IT Providers

Kerberos configuration requirements specific to UCSC are available here.

This document contains the required firewall rules, time-synchronization considerations, and model krb5.conf files for setting up a server to use Kerberos for authentication.