AFS and Kerberos 4 Realm Will Be Decommissioned
Effective August 5, 2002



posted on June 20, 2002
updated on July 2, 2002

To complete the final stage in the upgrade to Penn State authentication services, Academic Services and Emerging Technologies (ASET) will fully decommission AFS and the Kerberos 4 authentication realm on August 5, 2002. For years, the Penn State Access Account userid has been supported by two authentication realms: Kerberos 4, which worked with ASET's former method for serving files via AFS; and Kerberos 5 (DCE), which is the current method for authentication. DCE is used in conjunction with ASET's current means for providing file service via the Distributed File System (DFS), known as Penn State Access Account Storage Space (PASS). All ITS services that require authentication with the Access Account userid and password pair use Kerberos 5.

What this means to you

Fortunately, this change affects only a small population of Penn State Access Account holders. Changing passwords periodically is always recommended, but in this case it matters for a specific group: users who received their Penn State Access Account four or more years ago and have not changed their password in the past four years are encouraged to change it at https://www.work.psu.edu/, or it may not work starting on August 5, 2002. Changing the password will create an entry in the authentication database.

Users who do not have a valid entry in the authentication database after August 5 will NOT be able to change their password. In this case, they will need to go to the Accounts Services Office, the Help Desk, or a local campus computer consultant (with a photo ID) and get their password reset.

Getting Help

For those who are unable to change their password successfully, contact the Accounts Services Office at accounts@psu.edu.

For those who run their own UNIX machines and experience problems, direct problem reports to root@cac.psu.edu.

For those who run Windows machines and experience problems, direct problem reports to clc-hotline@win.psu.edu.

Special Note:

For those who administer their own machines and are not sure whether their machines might be affected, the list below outlines the main reasons why a computer might still be contacting the old authentication service:

  • It is running an old version of the Financial Information Tool (FIT). Please see http://ais.psu.edu/ibiswork/Techno/FIT/fit-indx.htm if this is the case.
  • It is running an old version of the Penn State Gina authentication module for Windows NT/2000 which is supported by Classroom and Lab Computing (CLC). Please see http://dsg.cac.psu.edu/Support/Gina/ if this is the case.
  • It is running your own homegrown application that uses Kerberos 4 to authenticate using the Penn State Access Account. Please contact the Penn State Access Account Authentication Team at root@cac.psu.edu for upgrade options.
  • It is running the AFS file system. This is likely to occur only on a UNIX computer. Please have the system administrator of the UNIX computer contact the Penn State Access Account Authentication Team at root@cac.psu.edu for information on how to remove AFS if this is the case.

Please note that all systems are scheduled for daily maintenance between 5:30 and 7:30 a.m. During this time, one or more Internet services may not be available. The ITS systems status page shows the current status of servers.



The Pennsylvania State University ©2002. All rights reserved.
This site maintained by Consulting & Support Services, a unit of Information Technology Services.

Last revised: Monday, July 22, 2002.