T.R | Title | User | Personal Name | Date | Lines |
---|
5669.1 | | PYRO::RON | Ron S. van Zuylen | Mon Feb 10 1997 21:51 | 14 |
| If any of the operating systems they use have 8 character username limits
and they want to have the same username and password *everywhere*, it's
pretty obvious what you'll need to do. 8 character usernames whenever
needed. You're on the right track.
If we're talking about LAN Manager connections to UNIX servers (with
PATHWORKS V6 on Digital UNIX), you can use a Windows NT domain for
username and password authentication instead of the standard UNIX login...
but since we're talking Solaris and AIX, too, I don't think this is the
case. You're probably talking about normal command shell access, ftp,
etc.
--Ron
|
5669.2 | More comments ... | OTOU01::MAIN | Systems Integration-Canada,621-5078 | Tue Feb 11 1997 06:08 | 42 |
|
The single logon is not easy to implement as most companies have
numerous platforms that need to be compliant for it all to work.
A few pointers to look into:
- CA TNG apparently has single logon capability with NT and many
UNIX platforms (not a cheap solution though). Reference:
http://www.cai.com/press/97jan/tngtechb.htm
- Entrust from NORTEL also apparently has this capability. Reference:
http://www.entrust.com/
- DCE is an industry move (being pushed by IBM right now, but has
support on NT and many UNIX platforms), but not sure if this would
be justified if you are not wanting to take advantage of other DCE
components as well.
- simple, but not user friendly, process is to use company badge
numbers as username. Perhaps combined with letter at beginning to
add additional info ie. ENG23532. This ensures uniqueness as well.
Also gets around problem of usernames changing ie. marriage/divorce
situations. Language issues are also not a problem if only numbers
are used ie. French, German and other European countries tend to have
longer names with accents etc..
Another advantage is increased security in that it is easy to guess what
a username is for John Smith (smith, smithj or jsmith), so 1/2 of the
user/password combo is already done.
Hacker would then use knowledge of John Smith (perhaps by disgruntled
ex-employee) to complete the combo.
Guessing a badge number is more difficult.
Some OS's have comment field which could be used to enter real
name etc. Bottom line though is that some users will not be happy with
this approach.
Regards,
/ Kerry
|
5669.3 | | SUFRNG::VMSNET::S_VORE | Smile - Mickey's Watching! | Tue Feb 11 1997 07:03 | 13 |
| Even if you have the same username on all the systems, syncing the
passwords can get real difficult, especially if they're using Network
Information Services (NIS, formerly known as YP or Yellow Pages) to
share a username/password database between all the UNIX systems.
PATHWORKS on a DIGITAL UNIX system can help some, but not in a NIS
environment. I'd also recommend taking a browse through the PW/OSF and
Digital UNIX notesfiles as well as continuing this discussion here.
PATHWORKS for OSF/1 ranger::pwosf
DIGITAL UNIX turris::digital_unix
|
5669.4 | | ACISS2::DATZMAN | Vee Vont To Pomp You Up | Tue Feb 11 1997 08:27 | 12 |
| It's good to know of the PATHWORKS capability. They still use a fair
amount of PW but it may not be at V6 yet.
I like the idea of account names that are resistant to changes because
of marriage, name change, dept change, etc. They use an existing 2
character 3 number scheme based on their IBM TOSS mail id. They don't
like it and hence the desire to move away from it. It might be
something that they can use for the UNIX accounts until those users are
migrated to NT.
Dick
|