[4509] in Kerberos
Kerberos Registration Procedures
daemon@ATHENA.MIT.EDU (Mike Friedman (510) 642-1410)
Fri Jan 20 16:59:51 1995
To: kerberos@MIT.EDU
Date: Fri, 20 Jan 95 13:18:30 PST
From: spgmnf@cmsa.Berkeley.EDU (Mike Friedman (510) 642-1410)
We're still in the planning stages of a campus Kerberos service. (I've
got a test V4 server running and will be looking soon at V5). What I'd
like at this point is some feedback from other sites on how you deal with
the following (largely logistical and procedural) issues:
(A) Generation and assignment of principal names. What do you use for
your principal name space and how do you get principals associated
with people?
(B) Initial password creation/distribution. How do your users get
registered with Kerberos? In particular, how do they obtain (or
choose) their initial passwords in a way that is (1) secure and
(2) reliably associated with them as individuals?
I'd appreciate hearing from sites that run Kerberos in production and
have faced (or are facing) these issues.
As for our scale of operation: we expect eventually to have about 50K
principals. Because of the number of potential users on the campus, we
want to consider only procedures that are, in fact, feasible.
Thanks.
