Message-Id: <199709221527.IAA23007@mailhost2.cac.washington.edu> From: "James W DeRoest" <deroest@cac.washington.edu> To: "AST Webpage" <astweb@u.washington.edu> Subject: Lab authentication meeting minutes, 9/19 Date: Mon, 22 Sep 1997 08:27:37 -0700
-----Original Message----- From: Yonah Karp <yonah@u.washington.edu> Date: Friday, September 19, 1997 4:53 PM Subject: Lab authentication meeting minutes, 9/19
Folks,
Minutes from today's meeting are below. Again, please inform the group of any updates or new needs.
Of special note is the Kerberos failure testing we'll be doing next Tuesday. A subgroup which will include David and I will be working out the details for that on Monday.
Thanks to everyone's help, things look pretty good. (If we can say that around Oct 1 we'll all be happy.)
Yonah
====
09/19/97 -- SMB authentication
Present: David Cox, Rob Christ, Steve Jones, Mark McNair, Yonah Karp, Chad Warren, Betsy Williams
Nearly all of the ACC and CRC Macs and PC's are authenticating users against the Kerberos database via ftp (Macs) or Samba (PC's). There have been occasional situations where someone's password does not validate properly. Anomalies are being investigated. In addition, there are some logout problems which the Client Services folks are working on. Another issue is passwords which are greater than eight characters -- they are truncated by Unix systems but are not truncated by the lab authentication software. Steve will have bud truncate the password at 8 characters. UCS and CS will continue to work together on these and other emerging issues.
All three labs will use this authentication service. David says that A&.catS and Engineering may eventually want to use it as well.
Yonah would like to have a series of controlled failures of the Kerberos service in order to test it. We agreed that Tuesday would be a good day to do this kind of testing. Tests proposed include:
Have connections go to niven02 (Kerberos secondary server) Take niven01 (Kerberos primary) off the network Remove Ethernet interface Power down niven01
David and Yonah will coordinate this testing.
Currently, connections are going to simba02, rather than bud. When Adam Ith comes back (this weekend) connections will go to bud. Once everyone is on bud (which means simba02 is free) Steve will work on DNS issues, which means he will be able to work on redundancy for bud. The secondary for bud will be called "dub."
The current logging Steve is doing via the wtmp file looks sufficient. Bob (Jamieson) is tabulating the information. Steve offered to have a cron job run on a regular basis to summarize the information if CS gives him something they want run.
It was noted again that disusered folks can use the labs. While we realize that we need to rectify this situation, it is also no worse than our present state and is not a show-stopper. UCS Systems is working on the issue -- it's not an easy one.
The utility Yonah worked on with Adam which translates student number/ ssn to a name for the lab's wait list process is working fine.
"New" will run on X terminals in the CRC, and "renew" will run on a number of machines in the labs specifically set aside for that purpose, probably Macs as they're less popular.
"Renew" is ready for testing in the labs.
Tracy (Stenvik) wrote Web-based versions of "validate" and "who" which may be useful to lab folks. Yonah will send the URL's to Betsy, Chad, and David Cox.