Simon Wilkinson, School of Informatics, University of Edinburgh

A little over 5 years ago, the newly formed School of Informatics launched a new computing infrastructure, named DICE. At its heart, this new infrastructure featured a move away from using a combination of NIS and host-based trust for authentication and authorization, towards a Kerberos-based single sign-on infrastructure, with a sophisticated LDAP-managed groups system for authorization.

Within this migration there have been a number of highs and lows. Some services integrate well into a Kerberos world; others prove more problematic. The intervening time has also seen an explosion of interest both in Kerberos and in authentication solutions in general. This paper will discuss our experiences both in rolling out the initial infrastructure and in reassessing it since its launch.

We'll discuss the technical and human issues involved in moving to Kerberos-based systems from a previously lax environment, examine those areas where we got it wrong, and outline those for which good solutions still have to be found.

