[4517] in Kerberos
Re: Kerberos Registration Procedures
daemon@ATHENA.MIT.EDU (Larry J. Hughes Jr.)
Tue Jan 24 18:08:26 1995
To: kerberos@MIT.EDU
Date: 24 Jan 1995 22:24:01 GMT
From: hughes@logos.ucs.indiana.edu (Larry J. Hughes Jr.)
In article <1732CBB69.SPGMNF@CMSA.BERKELEY.EDU>,
Mike Friedman (510) 642-1410 <spgmnf@cmsa.Berkeley.EDU> wrote:
>(A) Generation and assignment of principal names. What do you use for
> your principal name space and how do you get principals associated
> with people?
We pre-generate unique principal names for people in our Sybase database,
using a stored procedure. The principal names are an (often bizarre)
combination of part of their first and last name.
>(B) Initial password creation/distribution. How do your users get
> registered with Kerberos? In particular, how do they obtain (or
> choose) their initial passwords in a way that is (1) secure and
> (2) reliably associated with them as individuals?
A new user (student, faculty, staff) takes her university ID card,
which contains a unique ID number, to one of several "priming" sites.
She shows the ID to a human on our staff, who enters it into a "priming"
program. This program pulls the person's pre-generated principal name out
of Sybase, generates a pseudo-random password, creates the principal in
Kerberos, and prints a little label with their principal name and password.
They are of course warned to destroy the label, and change their password
right away.
As there are no standard tools for doing any of this, I had to completely
roll my own. (Don't ask, I can't give it to you. :-)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Larry J. Hughes, Jr. hughes@indiana.edu
Software Engineer http://copper.ucs.indiana.edu/~hughes
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
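
The priming flow described in the message above, sketched as an added example; it is not the poster's program, which was not shared. Assumptions: MIT krb5 `kadmin` query syntax (`add_principal`, `+needchange`, `-pw`), a constructed ID-to-principal table standing in for the Sybase lookup, a made-up realm, and a refusal to prime the same ID twice.

```python
import secrets

# Constructed stand-in for the site database of pre-generated principal
# names (the post uses a Sybase stored procedure; these rows are invented).
PRINCIPALS_BY_ID = {"0001234567": "jdoexa", "0007654321": "lhughx"}

REALM = "EXAMPLE.EDU"  # assumed realm name

# Alphabet without look-alike characters (0/O, 1/l/I), because the password
# is read off a printed label and typed by hand. No shell or kadmin
# metacharacters, so the query needs no quoting.
ALPHABET = "abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789"


def generate_password(length=12):
    """Draw each character from the OS CSPRNG via the secrets module."""
    if length < 10:
        raise ValueError("initial password too short")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def prime_user(id_number, already_primed):
    """Return (kadmin_query, label_text) for a staff-verified ID number.

    Refuses unknown IDs and IDs primed before (an assumption of this
    example), so a second visit with the same card cannot silently
    replace an existing account's password.
    """
    principal = PRINCIPALS_BY_ID.get(id_number)
    if principal is None:
        raise KeyError("no pre-generated principal for this ID")
    if id_number in already_primed:
        raise PermissionError("ID already primed")
    password = generate_password()
    full_name = f"{principal}@{REALM}"
    # +needchange makes the KDC demand a new password at first use,
    # enforcing what the printed label only asks for.
    query = f"add_principal +needchange -pw {password} {full_name}"
    label = (f"Principal: {full_name}\n"
             f"Password:  {password}\n"
             "Change this password at first login, then destroy this label.")
    already_primed.add(id_number)
    return query, label
```

The query string is meant to be handed to `kadmin` by the caller; a password passed on a command line is visible in the process list, so the priming host should be a single-purpose machine.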