Path: utzoo!utgpu!news-server.csri.toronto.edu!clyde.concordia.ca!uunet!zaphod.mps.ohio-state.edu!swrinde!ucsd!ucbvax!agate!shelby!riacs!pioneer.arc.nasa.gov!samlb From: samlb@pioneer.arc.nasa.gov (Sam Bassett RCS) Newsgroups: comp.unix.admin Subject: Re: Single site-wide uid space Message-ID: <1990Nov4.004817.2401@riacs.edu> Date: 4 Nov 90 00:48:17 GMT References: Sender: news@riacs.edu (James A. Woods) Reply-To: samlb@pioneer.arc.nasa.gov (Sam Bassett RCS) Distribution: na Organization: NASA Ames Research Center, Mtn Vw CA 94035 Lines: 37 Oi veh, yes, do I have ideas . . . We have exactly that problem here at Ames -- dozens of computer systems and hundreds of users. The default has been for individual SAs to assign UIDs in rough numeric and chronological order when someone wants an account. When there are more than 2 machines on a network, this is obviously a recipe for chaos. Federal computer security policy has gotten people to thinking about this problem in the last 3 years or so, but there have been political problems -- there are two large groups who have standardized, but neither is going to accept "dictates" from the other. And the rest of the computer "owners" are not going to take any guff from either one of the large groups. The compromise that is being worked out (sloooooowly -- this place IS run by Civil Servants [sic], after all) is that the UNIX UID will be assigned by the people in the admin department who issue badges -- they have a proprietary hashing scheme that produces a unique ID number based on a number of things, they aren't part of any of the political power blocks, and they deal with EVERYBODY that comes into the center. The two critical things for the scheme to work are: 1) A MANDATE (no exceptions, troops!) from top management. 2) A neutral, trusted group to administer it. BTW, all of the SAs that I've talked to would LOVE to have a central UID registry -- saves lots of calling around, but the mid-level management wouldn't buy it. Several groups have already said that they will provide the machine, software, and other expertise to the pass-house people . . . Sam'l Bassett, Sterling Software @ NASA Ames Research Center, Moffett Field CA 94035 Work: (415) 604-4792; Home: (415) 969-2644 samlb@well.sf.ca.us samlb@ames.arc.nasa.gov := 'Sterling doesn't _have_ opinions -- much less NASA!'