Strong Authentication at Fermilab
About this Manual

Chapter Contents

About this Manual
  1. Purpose and Intended Audiences
  2. Resources
  3. Notational Conventions
  4. Your Questions and Comments



View or print PDF file of chapter

Back to Strong Auth Index Page
CD Home Page
Fermilab at Work
Fermilab Home

About this Manual

This chapter provides an introduction to the Strong Authentication at Fermilab manual. In particular you will find:

1. Purpose and Intended Audiences

Fermilab must demonstrate to the DOE that it implements a computer security system that exercises tight control over who uses the lab's computers and network (which are owned by the government). An analysis of the major computer security incidents at Fermilab over the past several years, as well as the general sense of security incidents prior to that, shows that a common root cause of these incidents is the compromise of user passwords by their transmission in clear text over the network. Once intercepted, passwords can be re-used to gain unauthorized access to the destination system. Further, with user access to a compromised system, hackers have a foothold for much easier attacks to gain privileged root access. In order to protect against unauthorized access to Fermilab computers, the Computing Division has implemented the Kerberos Network Authentication Service V5 to provide what is known as strong authentication over the network.

The manual is targeted to both administrative and end users of UNIX (all supported operating systems: SunOS, IRIX, Scientific Linux) and Windows and Macintosh systems.

2. Resources

3. Notational Conventions

The following notational conventions are used in this document:


Used for product and program names (e.g., telnet).


Used to emphasize a word or concept in the text. Also used to indicate logon ids and node names.


Used for filenames, pathnames, contents of files, output of commands.


Indicates a control character. To enter a control character, hold down the control key (labeled Ctrl, usually) while pressing the key specified by char.

[ ]

In command formats, indicates optional command arguments and options.


Prompt for C shell family commands (% is also used throughout this document when a command works for both shell families).


Prompt for Bourne shell family commands; also standard UNIX prefix for environment variables (e.g., $VAR means "the value to which VAR is set").

< >

In commands, paths and environment variables, indicates strings for which the user must make context-specific substitutions.

All command examples are followed by an implicit carriage return key. The following symbols are used throughout the text to draw your attention to specific items:

A "bomb"; this is used to indicate a potential pitfall.

This symbol is intended to draw your attention to a particularly important piece of information.

This symbol indicates information for AFS systems.

4. Your Questions and Comments

Questions or comments about the Strong Authentication at Fermilab manual or website should be sent to We encourage all the readers of this document to report back to us:

View/print PDF file | Back to Strong Auth Index Page | Computing Division | Fermilab at Work | Fermilab Home
This page generated on: 09/01/06 16:25:08