LISTSERV 16.0 - MSUNAG Archives

The following message was sent to the IT Exchange listserv earlier this month.

From: AIS Help Desk [mailto:[log in to unmask]]
Sent: Wednesday, January 11, 2012 3:29 PM
To: [log in to unmask]
Subject: Kerberos Upgrade

You are receiving this message because you may be affected by MSU's project to update its Kerberos authentication software. In June 2012, Libraries, Computing and Technology (LCT) will be upgrading the Kerberos authentication software to the current release of MIT Kerberos. The version we are currently using at MSU supports backward compatibility to version 4 of the Kerberos protocol.  After this upgrade, backward compatibility to Kerberos version 4 will no longer be supported.
The main reasons for upgrading to Kerberos 5 include:

 *   Kerberos 4 is unsupported due to numerous security flaws. (See the October, 2006 end of life announcement<http://web.mit.edu/kerberos/krb4-end-of-life.html> for further details.)
 *   Newer MIT Kerberos server software allows for more stringent password policies, including account lockout.
 *   Newer MIT Kerberos server software includes full support for IPv6. (See information on MSU's IPv6 Upgrade<http://tech.msu.edu/ipv6/index.php>)
The impact of dropping backward compatibility support for Kerberos 4 is that any applications using Kerberos 4 for authentication will no longer be able to authenticate.  One of the applications currently using Kerberos 4 is the AIS-provided D6501 authentication software which is used by numerous applications in the AIS and Public Web Server environments.
If you are responsible for an application that uses D6501 for authentication, it will need to be converted to use Sentinel for authentication. To determine if your application is using D6501 for authentication and needs to be converted to use Sentinel, view examples of the login URL for Sentinel versus D6501 application authentication<http://tech.msu.edu/kerberos/sentinel-check.php>. If you identify a web application that needs to be upgraded to Sentinel, please submit your information using the online form<https://contact.cl.msu.edu/request.php?service=kerbupgraderequest> and LCT staff will help you with the process.
Additionally, if you have an application that is written to use Kerberos 4 directly for authentication, you will need to update it to use Kerberos 5.
Information about this upgrade and to check if an application uses Sentinel<http://tech.msu.edu/kerberos/sentinel-check.php> is posted at tech.msu.edu/kerberos<http://tech.msu.edu/kerberos>.
If you have any questions, please do not hesitate to contact the AIS Help Desk at (517) 884-3000.
From the AIS Service Desk on behalf of the Kerberos Upgrade Project Team