Single site-wide uid space
Steve Simmons
scs at lokkur.dexter.mi.us
Mon Nov 5 11:36:02 AEST 1990
samlb at pioneer.arc.nasa.gov (Sam Bassett RCS) writes:
> The compromise that is being worked out (sloooooowly -- this
>place IS run by Civil Servants [sic], after all) is that the UNIX UID
>will be assigned by the people in the admin department who issue badges
>-- they have a proprietary hashing scheme that produces a unique ID
>number . . . The two critical things for the scheme to work are:
> 1) A MANDATE (no exceptions, troops!) from top management.
> 2) A neutral, trusted group to administer it.
> BTW, all of the SAs that I've talked to would LOVE to have a
>central UID registry -- saves lots of calling around, but the mid-level
>management wouldn't buy it.
I doubt that present hashing algorithm just happens to return numbers
less than 32K, which is the max uid on far too many UNIX boxes. A
better solution which still meets your criteria is uniqname. It is
a central repository that lets sites generate unique login ids and
UID numbers. It's particularly useful for collections of systems where
both the administration and the authority is distributed.
Uniqname might avoid the objections to a central service because it
is voluntary -- you can start it up and SAs use it without forcing
anyone to do anything. Or is your mid-management really so paranoid
they won't *allow* SAs to co-operate?
Uniqname is available from ftp.ifs.umich.edu, in ~ftp/sysadm/uniqname.
There's a paper describing it in the latest LISA Conference Proceedings,
available for $18 ($15 for USENIX members) from the USENIX Association,
2560 Ninth Street, Berkeley, CA, 94710.
--
" . . . within a nanometer (about a billionth of a yard) . . . "
Reader's Digest, November 1990, pp. 31
More information about the Comp.unix.admin
mailing list