Title of Service: Kerberos
Status of Document: This document describes service offered from May 2011.
1. Introduction
Kerberos enables users to authenticate to other applications and services, with the additional convenience of supporting single sign-on and same sign-on. Kerberos does not require the user to transmit their password over the network, or expose it to the service they wish to use, thereby offering a consistent assurance of security of their credentials.
Kerberos also provides a means of changing the SSO password on an account and performing administration of other credentials, such as generating keytabs for Webauth application servers.
This service is owned by the Systems Development and Support Section Manager and was released for general use in 2002.
A full service description is available from http://www.oucs.ox.ac.uk/services/iam/kerberos/
1.1. User Support
User support for the service is provided through a combination of local IT Support (via local ITSS) and OUCS.
Users should seek support from their local ITSS in the first instance. Local ITSS may refer a user to OUCS, or contact OUCS on behalf of a user. Users and ITSS may always contact OUCS about any aspect of the service.
The initial point of contact for user support at OUCS is the Help Centre - in person, by telephone, or using our contact form.
2. Summary of OUCS’s responsibilities
2.1 The service is offered as follows:
- 9am - 5pm on weekdays: the service operates with full technical support.
- All other times: the service operates without technical support. Automated service monitoring will take place, and informal arrangements exist for staff to be notified of exceptions, however no funding is provided for contractual cover or guaranteed response.
- Exclusions: service maintenance carried out during the JANET maintenance period (7am - 9am every Tuesday).
2.2 OUCS will commence investigation of reported faults within one hour when full technical support is available (provided that no similar fault is already being handled by the same team).
2.3 It is intended, as far as is possible, to maintain service availability at all times apart from exclusions listed under 2.1, however there are no formal targets.
2.4 This service is classified as "critical" to University mission and will be recovered as a first priority, and within 4 hours when full technical support is available.
2.5 Recovery will restore user authentication functionality using account data retrived from backup (less than 1 day old). Recovery may not include other functions such as password change or administration of (e.g. Webauth) principals.
2.6 There is no alternative service, however some individual systems may support alternative authentication configurations such as the creation of local user accounts to enable access in the event of an extended outage.
2.7 Technical support (operations and 2nd/3rd line user support) for the service is provided by OUCS; User support (1st line) provision is via local ITSS and the OUCS Help Desk, as described above.
2.8 Notification of scheduled maintenance, outages, and other information of general interest in relation to the service will be circulated on the itss-announce mailing list.
2.9 Service requests and fault reports relating to the service should be sent to the OUCS Help Desk.
3. Summary of client’s responsibilities
3.1 Users are responsible for ensuring that this service is suitable for their needs.
- Regulations Relating to the use of Information Technology Facilities
- JANET(UK) Statement of JANET acceptable use policy
- CHEST Code of Conduct for Site Licensed Software and Datasets
- University Policy on Data Protection
- Any local policy defined by the unit from which you use this service
3.3 Users should report any defect, malfunction, or performance degradation of the service promptly to enable remedial action to be taken.
3.4 Users are responsible for the suitability, correct configuration, and maintenance of any client (agent) software used to interact with this service.