260: Investigate alternatives to our existing MIT Kerberos authentication infrastructure

This project was to investigate alternatives to our existing MIT Kerberos infrastructure, which was put in place at the beginning of DICE more or less by default. Possible viable alternatives were:

• Outsourcing to EASE
• Replacing MIT Kerberos with Heimdal, at least for the servers
• Retaining MIT Kerberos on the servers, but building our own versions from source

Following the project's deliberations and discussion at CEG (item 1.32) it was concluded that we should retain our existing authentication infrastructure, and that we would continue to liaise with IS and others over software versions.

Working documents:

• Pros and cons
• 2014-02-26 meeting notes
• Collected thoughts on the possibility of moving from INF.ED.AC.UK to EASE.ED.AC.UK.
• Making the transition from INF to EASE
• Conclusions
• Final report

Useful links

• The old-style devproj #260 page
• The new-style theon project page
• Resilience statement
• MIT Kerberos home page
• Heimdal home page
• Historical DICE authentication documentation
• Tim&Simon's document on EASE
• Simon's email on EASE
• EASE admin documentation
• cosign documentation
• How to set up an EASE-authenticated site
• The final report