
Migrating to Kerberos 5 Steve Devine Manager, Storage Systems Academic Computing and Network Services Michigan State University.


1 Migrating to Kerberos 5
Steve Devine
Manager, Storage Systems
Academic Computing and Network Services
Michigan State University

2 About Kerberos and AFS
- Kerberos 5
  - Network authentication protocol developed at MIT
  - Widely used
  - MS Windows Active Directory
- AFS
  - Andrew File System developed at Carnegie-Mellon
  - Named for Andrew Carnegie

3 Andrew File System (AFS)
- In use at MSU since 1994
- Serves as our campus-wide file system
- afsdb0.cl.msu.edu serves as our campus Kerberos authentication service
- Dozens of MSU services rely on it for authentication
  - Mail.msu.edu, ANGEL, etc.
  - AIS’ Sentinel service is the common front-end
- Encryption is loosely based on Kerberos 4.

4 Why Convert?
- Kerberos 5 is the industry standard.
- Far more secure than the current system.
- Windows Active Directory and other enterprise-level services are designed to use Kerberos 5.
- Flexibility and dependability are greatly increased.
- At some point in time we will be forced into conversion.

5 Testing and Notification
- MIT Kerberos 5 test server open-afsdb2.cl.msu.edu was online June 2004.
- Notices sent to network administrators (NAG) and ACNS staff
- Migration info appears at: http://www.msu.edu/service/afs/migrate/
- kerberos5@list.msu.edu created for department representatives.
- Test accounts were converted from the current MSU database and test users began testing in July 2004.

6 Backward Compatibility
- New service will run a 'fakeka' server that allows AFS authentication to continue
- Kerberos server will run in Kerberos 4 mode to allow services to migrate

7 Single DES, Triple DES, and Passwords
- DES = Data Encryption Standard, developed in the 1970s
- Original standard is now “crackable” with modern hardware
- Triple DES uses three 56-bit keys
- Existing MSU Kerberos uses single DES
- Industry is moving towards Triple DES
  - For instance, MS Active Directory demands Triple DES
  - If your Kerberos password is still single DES, you can’t use Active Directory services

8 Password Implications
- We will implement a new password policy with this migration
- Minimum 8 characters
- Must include at least 3 of the following character classes:
  - lower-case letters
  - upper-case letters
  - digits
  - punctuation, and
  - all other characters (e.g., control characters)
- This will greatly enhance password effectiveness
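The policy on slide 8, written out as a checker. This is an added example, not code from the presentation or from MSU's systems; the function names and sample passwords are constructed, and it assumes ASCII classification, with spaces, control characters and non-ASCII characters all falling into the "other" class.

```python
import string

MIN_LENGTH = 8      # slide 8: minimum 8 characters
MIN_CLASSES = 3     # slide 8: at least 3 of the 5 character classes


def char_class(ch):
    """Map one character to one of the five classes named on the slide."""
    if ch in string.ascii_lowercase:
        return "lower"
    if ch in string.ascii_uppercase:
        return "upper"
    if ch in string.digits:
        return "digit"
    if ch in string.punctuation:
        return "punct"
    # Assumption: spaces, control characters and non-ASCII all count as "other".
    return "other"


def check_password(password):
    """Return (accepted, classes_present, reasons) for a candidate password."""
    classes = {char_class(ch) for ch in password}
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append(f"length {len(password)} < {MIN_LENGTH}")
    if len(classes) < MIN_CLASSES:
        reasons.append(f"{len(classes)} character classes < {MIN_CLASSES}")
    return (not reasons, sorted(classes), reasons)


if __name__ == "__main__":
    # Constructed sample passwords, not taken from the presentation.
    for pw in ["spartans", "Spartan1", "go green 05", "Sp4r!", "MSUMSU2005"]:
        ok, classes, reasons = check_password(pw)
        print(f"{pw!r:15} {'accept' if ok else 'reject'} {classes} {reasons}")
```

A password that meets the length rule can still be rejected for drawing on too few classes, and a space alone is enough to supply the "other" class.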

9 Migration Timeline
May 11, 2005:
- New server installed and 218,000 users loaded into Kerberos 5 database.
- Media campaign to educate users and get them to reset their passwords begins.
- New password policy begins
  - Your old password will continue to work for existing systems.
  - When you change it, you must conform to the new rules.

10 Timeline
September 27, 2005:
- Disable access for any user who has not reset their password.
- Official support for Kerberos 5 begins.
- New users are created in Triple DES only

11 Timeline
Date TBA, 2006?
- Kerberos 4 support ends.
- All services must support Kerberos 5

12 Communications Needs
- Must document new password policy ASAP
  - Techbase, Help/Status, etc.
- Prepare the help desks for questions
- Plan campaign for Fall
- As September 27 approaches, e-mail users who have not changed their password

