Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!cornell!uw-beaver!rice!sun-spots-request From: hedrick@geneva.rutgers.edu (Charles Hedrick) Newsgroups: comp.sys.sun Subject: Re: Organisation-wide uids Keywords: SunOS Message-ID: Date: 7 Apr 89 12:08:38 GMT References: <1555@etive.ed.ac.uk> Sender: usenet@rice.edu Organization: Rutgers Univ., New Brunswick, N.J. Lines: 24 Approved: Sun-Spots@rice.edu Original-Date: 29 Mar 89 21:38:13 GMT X-Sun-Spots-Digest: Volume 7, Issue 229, message 2 of 15 In theory secure RPC could be used to avoid having organization-wide uid's. However it's going to take some work to make that actually happen (and for non-U.S. customers you'd need to do some hacking to get secure RPC to work anyway). Currently we do in fact have university-wide uid's. We have a program that is used to create new users. It talks to a central server that keeps a global username/uid database. Different departments can customize the program as they like to fit their environment, but they at least have to get uid's from the common database. I'm not real enthusiastic about this, since you can only have 32K of uid's. (There are security problems with having uid's above 32K under release 4.0.) But so far we've been able to live with it. We are strongly encouraging Sun to both - do the necessary work on tools so that secure RPC can really be used to decouple different departments' networks. (Also figure out a way to get it to non-U.S. customers. I suggest shipping the code from the U.S. with the des module left out, and letting Sun in Finland supply des.o.) - expand uid's and gid's to 32 bits (and while they're at it, user names to 39 characters). I have no idea how you'd integrate VMS into this. I was hoping that the VMS implementations would provide some sort of mapping.