Fermi National Accelerator Laboratory P.O. Box 500•Batavia,Illinois•60510-500 (630) 840 - 3200 Particle Physics Division, MS 208 FAX # 630/840-4610 July 27, 2001 Dear PPD Computer User or Collaborator, For some time now the Laboratory has been engaged in activities to increase the logon security of our computers and sub-systems. This process is commonly known as Strong Authentication or Kerberos logon. Strong Authentication is a network authentication process that uses strong cryptography to verify the identities of both user and server via a trusted third-party authentication service. One of the advantages in using strong authentication is that you will have one ID, known as your Kerberos Principal, and one password. Once you are authenticated on a system, you can move from one strengthened machine to another without having to retype your password. The current plan requires that the Strong Authentication be fully deployed at Fermilab by December 31, 2001. In order to conclude the final phases of Kerberizing desktop and server computer systems, you now need to apply for your Kerberos Principal (Account). PPD Data Support Group and the Computing Division are working together to move quickly through this and have all PPD users/collaborators using the new logon procedure before Mid-September 2001. This is what you, as the End-user* , need to do. All Users/Collaborators are required by Fermilab and DOE to get a Kerberos Principal. 1. Apply for a new logon account (Kerberos Principal) before August 10, 2001. The form can be found by going to http://www.fnal.gov/docs/strongauth/ 2. The PPD user community is strongly encouraged to read the on-line PowerPoint slides for general information on requesting a Kerberos Principal, scheduling and implementing a Kerberos network logon. To find this documentation, please go to the Particle Physics Division home page at http://ppd.fnal.gov then click on the NEWS item "Kerberizing Unix – Mid August". 3. Become familiar with the new logon procedure (Password or CryptoCard). a. Resetting** your password, opening telnet connections, etc. 4. As we migrate computer systems within the various departments to a Kerberized logon, your local computer support person will contact you when you must begin using the new Kerberos Principal (Account). All questions need to go through the normal Helpdesk/work request process. Call (ext. 2345) or visit the web at (http://www-ppd.fnal.gov/ss_www/dsg/data.htm) to fill out a work request. Allen Forni (forni@fnal.gov) PPD General Computer Security Coordinator (GCSC) Tel. (630) 840-8052 Fax. (630) 840-6471 *One who has an FNAL computer account that is used to access other Desktop or Server computers. **Terminals are located in the WHGF Mail Center and outside the elevators on WH8 east.