[LON-CAPA-admin] Kerberos?

[Todd Ruskell]

Hi,

This question is probably mostly for Mark, but I'll take reasonable advice 
from most anyone.  We're looking to start taking advantage of campus kerberos 
services.  From what little I've seen on the list, it appears that all I 
should really need to do is make the appropriate changes to 
the /etc/krb5.conf file which already exists, at least in sample form, on my 
system.  But usually when things look this easy I'm missing something 
important.  What is it in this case?

Do I have to make the above, and any additional changes to all my servers, or 
just the library server?  It seems I should only need to do this on the 
library server, as that is the central authentication point.

Once I'm reasonably comfortable that kerberos is actually working, is there a 
"magic switch" I can use to convert everyone from internal to kerberos 
authentication? (My guess is no, and for good reason).

Is there a way for new course enrollments of existing users to switch those 
users to use kerberos?  (I suspect this is marginally more likely, but still 
probably no.)  

Or do I manually have to switch users from LON-CAPA's internal authentication 
to the global campus authentication?  (I'm guessing yes).

Thanks for all your help.

Todd

-- 
Dr. Todd Ruskell
Senior Lecturer, Department of Physics       Office:  Meyer Hall 326
Colorado School of Mines                     Phone: 303-384-2080
1523 Illinois Street                         Fax: 303-273-3919
Golden, CO 80401