[347] in Moira


Moira implications of SIS project

daemon@ATHENA.MIT.EDU (Mark Rosenstein)
Fri Oct 4 13:12:37 1991

Date: Fri, 4 Oct 91 13:13:07 -0400
From: Mark Rosenstein <mar@MIT.EDU>
To: jis@Athena.MIT.EDU, jon@Athena.MIT.EDU, tytso@Athena.MIT.EDU,
Cc: mar@MIT.EDU, moiradev@MIT.EDU
In-Reply-To: thorne@Athena.MIT.EDU's message of Fri, 04 Oct 91 12:41:39 EDT <9110041641.AA06524@deus>

This is a basic outline.  More complete proposal to follow.

1. Database change: The user relation will store the MIT ID number in
clear text, a signature block authenticating the ID number and login
name, and a timestamp of when the secure password was created.

2. Query changes: new versions of the queries to retrieve, create, and
update user records will be needed to handle the new fields.  The
register_user query must be modified to accept a signature block as
well.  The old retrieval queries need to be kept for backwards
compatibility.  Also, the ability to encrypt the data stream needs to
be added to the moira protocol (desired, but not necessary for initial
implementation).

3. Server changes: the server must implement the new queries mentioned
above.  The retrieve is straightforward.  The create_user,
modify_user, and register_user queries must verify the signature if
one is provided.

4. Registration server changes: it must create a signature and store
it in the database when registering.

5. Client changes: new moira clients are needed to handle the new user
information.  The clients in the field are OK for retrievals with
old-style queries, but will not be allowed to update user information
in the database.

6. Secure password server: this server will create kerberos principals
and put a timestamp in the moira database when this is done.  If there
is already a timestamp in the database for this user, they can't get a
new password without seeing an administrator.

7. Generator changes: a generator will need to be written to extract
the name<->id mapping along with the signatures, creating an encrypted
file.  Another generator will be written which generates the paper
mail confirmation for secure password creations.  The remaining
generators should be unaffected.

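The data model and checks in items 1, 3, 4 and 6 of the outline above, as an added example that is not Moira code and is not from the author. The message does not say which signature scheme the registration server would use, so a keyed HMAC over the (login, MIT ID) pair stands in for the "signature block"; the in-memory table, the key, the user names and ID numbers are all constructed for the demo.

```python
"""Model of the signed MIT-ID record proposed in the message above.

Added example, not Moira code.  Assumptions: an HMAC keyed by a secret held
by the registration server stands in for the signature block; the user
relation is an in-memory dict; logins and ID numbers are made up.
"""
import hashlib
import hmac
import time
from dataclasses import dataclass
from typing import Optional

# Assumed: a secret shared by the registration server and the Moira server.
# Constructed demo value, not a real key.
REGISTRATION_KEY = b"constructed-demo-key-not-a-real-secret"


@dataclass
class UserRecord:
    login: str
    mit_id: str                               # item 1: stored in clear text
    signature: bytes                          # item 1: authenticates (mit_id, login)
    secure_pw_created: Optional[int] = None   # item 1/6: when the secure password was made


def sign_id(login: str, mit_id: str, key: bytes = REGISTRATION_KEY) -> bytes:
    """Registration server (item 4): sign the login/ID pair.

    Fields are length-prefixed so that "ab"+"c" and "a"+"bc" cannot collide."""
    msg = b"%d:%s:%d:%s" % (len(login), login.encode(), len(mit_id), mit_id.encode())
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify_id(login: str, mit_id: str, signature: bytes,
              key: bytes = REGISTRATION_KEY) -> bool:
    """Moira server (item 3): constant-time check of a supplied signature."""
    return hmac.compare_digest(sign_id(login, mit_id, key), signature)


class MoiraDB:
    def __init__(self):
        self.users = {}

    def register_user(self, login: str, mit_id: str) -> UserRecord:
        """Item 4: registration creates the signature and stores it."""
        rec = UserRecord(login, mit_id, sign_id(login, mit_id))
        self.users[login] = rec
        return rec

    def modify_user(self, login: str, new_mit_id: Optional[str] = None,
                    signature: Optional[bytes] = None) -> UserRecord:
        """Item 3/5: an ID change must carry a signature that verifies.

        An update without one is refused, which is how the old clients in the
        field end up read-only for user information (item 5)."""
        rec = self.users[login]
        if new_mit_id is not None:
            if signature is None:
                raise PermissionError("ID update requires a signature block")
            if not verify_id(login, new_mit_id, signature):
                raise PermissionError("signature does not authenticate login/ID pair")
            rec.mit_id, rec.signature = new_mit_id, signature
        return rec

    def get_user_old(self, login: str) -> dict:
        """Item 2: the old retrieval query, kept for old clients; no new fields."""
        return {"login": self.users[login].login}

    def get_user_new(self, login: str) -> dict:
        """Item 2: the new retrieval query returns the new fields as well."""
        rec = self.users[login]
        return {"login": rec.login, "mit_id": rec.mit_id,
                "signature": rec.signature.hex(),
                "secure_pw_created": rec.secure_pw_created}

    def create_secure_password(self, login: str, now: Optional[int] = None) -> int:
        """Item 6: stamp the record once; a second request needs an administrator."""
        rec = self.users[login]
        if rec.secure_pw_created is not None:
            raise PermissionError("secure password already created; see an administrator")
        rec.secure_pw_created = int(time.time() if now is None else now)
        return rec.secure_pw_created


def demo() -> bool:
    """Walk through register -> tampered update refused -> one password only."""
    db = MoiraDB()
    db.register_user("mar", "912345678")           # constructed login and ID
    try:
        db.modify_user("mar", "000000000", sign_id("mar", "000000000", b"wrong key"))
        return False                                # forged signature got through
    except PermissionError:
        pass
    db.create_secure_password("mar", now=686600000)
    try:
        db.create_secure_password("mar")
        return False                                # second issuance got through
    except PermissionError:
        return True


if __name__ == "__main__":
    print("demo ok" if demo() else "demo FAILED")
```

One caveat the outline leaves open: with a shared-key MAC as used here, the Moira server that verifies the block can also forge one, so a compromised Moira server could rewrite the name-to-ID mapping undetected. A public-key signature held only by the registration server would let the Moira server and the generator's encrypted file consumers verify without being able to forge.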
