Single site-wide uid space

Sam Bassett RCS samlb at pioneer.arc.nasa.gov
Sun Nov 4 11:48:17 AEST 1990


	Oi veh, yes, do I have ideas . . .

	We have exactly that problem here at Ames -- dozens of computer
systems and hundreds of users.  The default has been for individual SAs to
assign UIDs in rough numeric and chronological order when someone wants
an account.  When there are more than 2 machines on a network, this is
obviously a recipe for chaos.
	Federal computer security policy has gotten people to thinking
about this problem in the last 3 years or so, but there have been
political problems -- there are two large groups who have standardized,
but neither is going to accept "dictates" from the other.  And the rest
of the computer "owners" are not going to take any guff from either one
of the large groups.
	The compromise that is being worked out (sloooooowly -- this
place IS run by Civil Servants [sic], after all) is that the UNIX UID
will be assigned by the people in the admin department who issue badges
-- they have a proprietary hashing scheme that produces a unique ID
number based on a number of things, they aren't part of any of the
political power blocs, and they deal with EVERYBODY that comes into the
center.
	The two critical things for the scheme to work are:

	1)	A MANDATE (no exceptions, troops!) from top management.
	2)	A neutral, trusted group to administer it.

	BTW, all of the SAs that I've talked to would LOVE to have a
central UID registry -- saves lots of calling around, but the mid-level
management wouldn't buy it.  Several groups have already said that they
will provide the machine, software, and other expertise to the pass-house
people . . . 


Sam'l Bassett, Sterling Software @ NASA Ames Research Center, 
Moffett Field CA 94035 Work: (415) 604-4792;  Home: (415) 969-2644
samlb at well.sf.ca.us                     samlb at ames.arc.nasa.gov 
<Disclaimer> := 'Sterling doesn't _have_ opinions -- much less NASA!'
