Kerberos at U-M

Kerberos is used for authentication (to validate that you are who you say you are) when logging in to many services and systems at U-M. Kerberos will continue to be available, but we recommend the use of other authentication options, such as Shibboleth, whenever possible going forward, rather than using Kerberos directly.

Kerberos Will Continue

ITS is responsible for the infrastructure that supports use of Kerberos authentication for ITS-provided services and systems and for other university services and systems that make use of Kerberos. ITS will continue to provide Kerberos authentication to the university while gradually encouraging use of other options where appropriate going forward.

Many services at U-M depend on Kerberos availability, so it will remain available.

  • Our Kerberos infrastructure is extremely reliable.
  • ITS will continue to maintain and support U-M's Kerberos infrastructure.
  • ITS will keep the university's Kerberos installation updated to the latest version to ensure continued stability.
  • We understand that there may be a need to maintain Kerberos for back-end authentication to support other authentication options.

Other Options Are Preferred

For new services, we recommend avoiding direct Kerberos integrations whenever possible. Consider options such as Shibboleth and Active Directory.

For existing services that use Kerberos directly, we encourage you to consider converting to other authentication options when you perform application upgrades.