CSE users may have accounts on a variety of hosts and domains. You may have differing credentials on different types of machines. This document briefly explains what sets of credentials there are and where they apply.

Kerberos

Since 1998, virtually all CSE Unix machines, both instructional and research, use a facility called "kerberos" to provide authentication services. When you type your login name and password at a Unix prompt and successfully log in, you have used what we call your "kerberos credentials" or your "kerberos password."

Kerberos is characterized by its use of a set of authentication servers that validate your login. Each such server has the same data. That means that wherever you are when you log in to a CSE machine that uses kerberos, your password is the same.

Another key feature of kerberos is that your password never crosses a network channel in plain text. That means that it is not possible for somebody reading packets off our network to "sniff" your password using any known technique.

Recently, the lab has deployed a "web login" technology to control access to mildly-sensitive web resources. This technology uses your kerberos password to authenticate you to the web service.

CSEResearch and CSEPCLab

On the Microsoft Windows side, authentication is performed much as it is with Kerberos: your credentials are validated by a set of authentication servers, each of which operates with the same data. Under ordinary circumstances, your password never crosses a network wire in plain text, so the authentication is secured from network sniffing.

There are two authentication domains in the CSE Windows world: CSEResearch, for research machines, and CSEPCLab, for instructional machines. It is possible that you have accounts in both, either, or neither of these domains.

Your username is the same on all domains in which you have accounts (including the Unix-side kerberos), but your password may differ, both between the Windows domains and from your kerberos password.

Besides being used for authenticating to Windows CSEResearch hosts, your CSEResearch Windows credentials are also used to authenticate to Samba. Samba is the technology that we use to allow access to Unix file systems from Windows hosts, and it underlies the NT DFS service when that service is used to access Unix files.
Computer Science & Engineering, University of Washington, Box 352350, Seattle, WA 98195-2350. (206) 543-1695 voice, (206) 543-2969 FAX