Workstations, file servers and compute servers in our facility are integrated into a single network environment supporting such services as Kerberos, for security, and AFS, for distributed file sharing. Our goal is to provide the user with a single integrated environment which is shared across all systems, both within the CCS and extended to the user's "home" machine, wherever it resides.
Currently, each user's credentials (passwords and tickets) are securely shared among all systems via Kerberos. Kerberos is an authentication system for network and host-based services. Once you have been authenticated to the Kerberos server, an encrypted ticket is automatically used to provide authentication to other hosts and services, such as ftp, telnet and POP mail. This, along with the ability to encrypt sessions, provides enhanced network security. Users are encouraged to extend this network security by downloading our Kerberos kits for installation on their end systems. These kits are located on our FTP site and do not require system privileges to install.
User data (home directories and mass storage files) are not only shared via AFS, but protected via Kerberos. AFS is a distributed file system with the ability to span great distances and large network delays (it is truly global), support of local file caching for increased performance, and greater control of file permissions via Access Control Lists (ACLs). Users are authenticated to AFS via Kerberos. If the pathname of a file or directory starts with '/afs', then it is part of AFS space and authentication is automatic.
Our site administers the AFS cell called cmf.nrl.navy.mil located at /afs/cmf.nrl.navy.mil (or /afs/cmf for short).
If you have previous Kerberos or AFS experience, you may find differences between this and other sites as we have modified both products.
Send comments or questions to ccshelp@nrl.navy.mil
NRL ~ Code 5000 ~ Code 5500 ~ Code 5590