Kerberos is the security protocol at the heart of Stanford's campuswide security infrastructure. It establishes the identity of the users and systems that access network services. Kerberos protects network protocols from tampering (integrity protection), and encrypts the data sent across the protocol (privacy protection). Every SUNet ID corresponds to an entry in our Kerberos database, and whenever you use your SUNet ID to access a service, you're using Kerberos.
Kerberos is an industry-standard authentication protocol widely used by other institutions and by many operating systems. Most UNIX implementations provide Kerberos with their implementation (sometimes as an optional package), including all major Linux distributions. Kerberos is also built into Microsoft Windows (it's used extensively by the Microsoft Active Directory infrastructure) and Mac OS X, which uses it for Apple's network services.
- Stanford affiliates, sponsored accounts, and recently graduated students who need to authenticate
- System administrators who need to protect Stanford data
Kerberos is approved for use in restricting access to Low, Moderate, and High Risk Data, as defined by the Information Security Office.
Free of charge
To install and configure Kerberos on Windows or Macintosh operating systems, download the installer through Essential Stanford Software:
- Windows: Kerberos for Windows
- Mac: Kerberos Configuration Tool for Macintosh
- UNIX: Use the Kerberos software that comes with your operating system.
Kerberos is the official University authentication system (see Admin Guide 64). If you're a campus system administrator, particularly of UNIX systems, you often need to install Kerberos on your servers and should know how to use Kerberos as an authentication system.
Developer working on campus services or investigating how to deploy new software at Stanford Kerberos.
For assistance with Kerberos, submit a HelpSU request.
For end users:
For IT providers: