From: paul@uxc.cso.uiuc.edu (Paul Pomes - UofIllinois CSO) Date: Mon, 3 Dec 90 22:44:51 GMT Apparently-To: info-kerberos@ux1.cso.uiuc.edu The Computing Services Office at the University of Illinois is investigating whether to make the switch to Kerberos for user authentication. I would like to describe our environment and ask how people in similar circumstances have handled it. Unlike the Athena environment, CSO manages a collection of large multi-user machines and not a horde of single-user workstations. The CPUs of interest are a Sequent Symmetry and Balance, Convex C-240, IBM RS6000/540, Pyramid 98x, and VAX 3500 (4.3 BSD). We have also have a central registry of users that provides each person with a unique alias (qi). Linked to this alias is their preferred email address and the other information found in the campus phone book. Users can change some of the information about themselves by providing a password. My proposed plan is to first convert qi to Kerberos. qi keeps passwords in the clear and so it should fairly easy to move the alias/password information into Kerberos. Next the Kerberos r-commands would be installed on the mainframes in /usr/new while we test the system and train users. At some future time the vanilla r-commands are copied to /usr/old as well as their Kerberos names in /usr/ucb. Are their any fatal flaws to this plan? How hard have other sites found it to convert? Is it worth doing so in the mainframe environment? All advice and answers appreciated. /pbp -- Paul Pomes ^X^C rm -f /usr/local/bin/emacs; vi file -- All the EMACS you need to know. UUCP: {att,iuvax,uunet}!uiucuxc!paul Internet, BITNET: paul@uxc.cso.uiuc.edu US Mail: UofIllinois, CSO, 1304 W Springfield Ave, Urbana, IL 61801-2910