Pages about Kerberos

• User Guide
• Sysadmin Guide
• UNIX Install Guide
• Developer Information

Related Pages

• WebAuth
• AFS at Stanford
• MIT Kerberos
• Heimdal
• Kerberos Consortium

• QUICK LINKS
  • answers.stanford.edu
  • apple.stanford.edu
  • computing.stanford.edu
  • courses.stanford.edu
  • datarates.stanford.edu
  • dell.stanford.edu
  • departmentphone.stanford.edu
  • email.stanford.edu
  • ess.stanford.edu
  • helpsu.stanford.edu
  • myitserviceshelp.stanford.edu
  • orderithelp.stanford.edu
  • software.stanford.edu
  • studentphone.stanford.edu
  • techtraining.stanford.edu
  • tools.stanford.edu
  • unixcomputing.stanford.edu
  • vpn.stanford.edu
  • web.stanford.edu
  • windows.stanford.edu
• SERVICES
  • IT Services Only
  • All Campus Providers
    → computing.stanford.edu
• GETTING HELP
  • Stanford Answers
  • HelpSU: IT Help Desk
  • Training
• PROJECTS
• ABOUT US
  • What We Do
  • Organization Chart
  • Strategic Plan
  • Jobs
  • Contact info
  • Service & System Metrics
• INTERNAL
• SEARCH

  • Search IT Services:
     

• IT Services
• Kerberos

Kerberos

Kerberos at Stanford

Kerberos is the heart of Stanford's campuswide security infrastructure. It is a robust security protocol used to establish the identity of users and systems accessing services across the network, to protect network protocols from tampering (integrity protection), and often to encrypt the data sent across the protocol (privacy protection). Every SUNet ID corresponds to an entry in our Kerberos database, and whenever you use your SUNet ID to access a service, you're using Kerberos.

Kerberos is an industry-standard authentication protocol widely used by other institutions and by many operating systems. Most UNIX implementations, including all major Linux distributions, provide Kerberos with their implementation (sometimes as an optional package). Kerberos is also built into Microsoft Windows and used extensively by the Microsoft Active Directory infrastructure, and similarly is built in to Mac OS X and used extensively by Apple's network services.

Users

The easiest way to install and configure Kerberos on Windows and Mac OS X systems is to install Kerberos for Windows or the Kerberos Configuration Tool for Macintosh, which you can get via Essential Stanford Software. If you install this software via Stanford Desktop Tools, you will also receive notification of updates and the option of downloading and installing them without needing to go back to the web site.

UNIX users should normally use the Kerberos software that comes with their operating system. We provide kits for older versions of Solaris, which didn't include a useful version of Kerberos. See UNIX Kerberos installation instructions for more information.

For an overview of what Kerberos is, how it works at Stanford, and answers to frequently asked questions about it, see the Kerberos user guide.

System Administrators

Since Kerberos is the sole official university authentication system (see Admin Guide 64), campus system administrators, particularly of UNIX systems, will often need to install Kerberos on their servers and should be aware of how to use Kerberos as an authentication system.

If you are a system administrator, read Kerberos for Sysadmins.

Developers

Kerberos (possibly via WebAuth) should be used as the authentication system for any campus service. Developers working on campus services or investigating how to deploy new software at Stanford should read the guide to Integrating with Stanford's Authentication System.