Fermilab Computing Division

CS Document 2272-v0

KCA at Fermilab

Document #:
Document type:
Submitted by:
Selitha Raja
Updated by:
Selitha Raja
Document Created:
27 Jun 2007, 14:46
Contents Revised:
27 Jun 2007, 14:46
Metadata Revised:
27 Jun 2007, 14:46
Viewable by:
  • Public document
Modifiable by:

Quick Links:
Latest Version

Fermilab has deployed a Kerberized Certificate Authority (KCA) leveraging the sitewide Kerberos 5 infrastructure to provide Grid Proxies to all registered FNAL users. The KCA server software, from the NMI distribution, has been modified to utilize Windows 2000 Domain controllers as LDAP directories. Standard client software from NMI works as delivered. An additional benefit has been the use of PKI proxies for Web authentication. Details of the configuration will be discussed.
This project has been extremely successful at leveraging existing infrastructure to provide Grid access for a large population of users (>3000 registered). The project required approx 3 FTE months and ~$2000 in equipment. Operational experience has been very good with no appreciable increase in authentication infrastructure operational support. User feedback has been very positive.
Files in Document:
Associated with Events:
CHEP2003 held on 24 Mar 2003 in La Jolla, California
DocDB Home ]  [ Search ] [ Authors ] [ Events ] [ Topics ]

DocDB Version 8.8.10, contact Document Database Administrators