Kerberos, Carver, Lab Authentication (fwd)

James W DeRoest (deroest@cac.washington.edu)
Wed, 24 Sep 1997 07:44:09 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: James W DeRoest: "Renew ready for testing in the labs"
Previous message: James W DeRoest: "Daffy meeting notes"

Message-Id: <199709241444.HAA19024@mailhost2.cac.washington.edu>
From: "James W DeRoest" <deroest@cac.washington.edu>
To: "AST Webpage" <astweb@u.washington.edu>
Subject:  Kerberos, Carver, Lab Authentication (fwd)
Date: Wed, 24 Sep 1997 07:44:09 -0700

-----Original Message----- From: Yonah Karp <yonah@u.washington.edu> To: ast-l@u.washington.edu <ast-l@u.washington.edu> Date: Tuesday, September 23, 1997 4:52 PM Subject: Kerberos, Carver, Lab Authentication (fwd)

FYI. Will affect anyone in our group who may be guru -- i.e., all of us.

Yonah

---------- Forwarded message ---------- Date: Tue, 23 Sep 1997 16:50:52 -0700 (PDT) From: Yonah Karp <yonah@u.washington.edu> To: copstaff@u.washington.edu, cops-l@u.washington.edu Cc: Lori Stevens <lrs@cac>, Oren Sreebny <oren@u.washington.edu>, David Cox <dcox@u.washington.edu>, Karalee Woody <karalee@u.washington.edu> Subject: Kerberos, Carver, Lab Authentication

Folks,

There are some services now in place that will need monitoring and which Operations should be aware of as we get close to the beginning of Autumn quarter.

-- Kerberos authentication service

The Kerberos database is on the nivens (niven01 and niven02). Niven01 is the primary Kerberos ticket server, and Niven02 is a backup. Donn has more details in his help file in Argus.

-- Lab authorization

Currently this service uses bud.cac and niven01 (or niven02) to allow ACC, CRC and Commons lab users to identify themselves as valid users of our computers and our labs. Lab computers talk to a client on bud.cac, which talks to the Kerberos servers on niven01 (or niven02) and says "yay" or "nay".

The service that bud.cac and the nivens provide to the labs is as important as the password service on Unix machines. If there is a problem, someone in the labs will call Operations and Operations should notify unix_guru immediately.

-- "renew" password change service (web-based)

This runs on carver. The new web-based "new", which is not yet ready, will also run on carver. Problems with carver may mean that these services are down. At some point there will likely be a monitor on specific daemons on carver, but we haven't written them yet. Carver problems also go to unix_guru.

Monitors exist for carver, niven01, niven02, simba02, and bud.cac. All these machines should be in xhm. Monitors also exist for "KRB5" (the Kerberos service itself on the nivens). Whomever is responsible for updating .Argusrc and .xhmrc (i.e., any relevant startup files) should do so and restart Argii.

Thanks for your help.

Yonah

Next message: James W DeRoest: "Renew ready for testing in the labs"
Previous message: James W DeRoest: "Daffy meeting notes"