|
|||||||||||||||||||||||||||||||||||
|
Userid Management
For a distributed computing environment to work, it is necessary to have a single, unique namespace. Every user should have one unique userid with associated password, thus the userid management component of the DCI. Centralized userid management makes life easier on both the users and the system administrators. A user has only one userid and password that allows them access on the different systems in the environment, much easier than having to remember any combination of userids and passwords on different systems not participating in a single namespace. Some account managament such as creation, password changes, and expiration can be centrally managed under an environment using single namespace, making life easier for the system administrator as well. Userid Management really sits on top of two other DCI components, AFS and Kerberos. A text-based database resides in AFS space that houses information on users, all the infomation that would reside in a standard UNIX /etc/passwd file as well as a list of ATN services to which a user is subscribed. A set of tools, the prop tools, are used to propagate this information to each machine participating in the DCI. The DCI bases all authentication through Kerberos. User's passwords are encrypted into a electronic key and are stored in a central server. Each time a user gives his password to a particular machine, the Kerberos client translates the text into an electronic ticket and authenticates you according to whether or not ticket on the central server matches the newly created one. |
||||||||||||||||||||||||||||||||||
|
Maintained by: dci@unc.edu Url: http://www.unc.edu/depts/atn/dci/dci_components/userid_management/userid_management.html Last Updated: 06 September 2002 | |||||||||||||||||||||||||||||||||||
