March 9, 2012
In order to alleviate the recent Kerberos and authentication problems within SCS, Computing Facilities has taken a number of measures. We have deployed fail2ban to all Facilitized Linux systems. This software looks for authentication failures in the host's log files and will temporarily ban IP addresses of those systems that are repeated offenders. We have also made changes at the edge of our network to filter traffic that caused problems for our users when authenticating to SCS Kerberos servers. The effect of these changes has been a large and significant reduction in the frequency and magnitude of the problem. We are continuing to strengthen the environment including the ongoing improvement to our Kerberos environment (hardware and software upgrades).
While these problems have declined in frequency and severity, we are actively monitoring the situation and working to resolve problems that do arise as quickly as possible.
Please contact firstname.lastname@example.org or call the SCS Help Desk (x8-4231) if you have questions or problems with Kerberos and authentication.
Thank you for your attention,
SCS Help Desk