Re: DCE Meeting minutes, 11/22/96

James W DeRoest (deroest@cac.washington.edu)
Wed, 27 Nov 1996 08:30:30 -0800 (PST)


Date: Wed, 27 Nov 1996 08:30:30 -0800 (PST)
From: James W DeRoest <deroest@cac.washington.edu>
To: AST WebAdmin <astweb@neruda.cac.washington.edu>
Subject: Re: DCE Meeting minutes, 11/22/96
In-Reply-To: <Pine.OSF.3.95.961126173913.28663E-100000@saul2.u.washington.edu>

On Tue, 26 Nov 1996, Yonah Karp wrote:

>
>
>
> ========
> 11/22/96 DCE/ Uniform Namespace Meeting
> ========
>
>
> PRESENT
>
> Jim DeRoest, Jim Fox, Brad Greer, Yonah Karp, Doug Luft,
> Ken Marquess, Ken Lowe, Lori Stevens, Tracy Stenvik.
>
>
> NEXT MEETING
>
> Friday, 12/06/96, 10:30 a.m.
>
>
> Server populating (Yonah)
>
> As of the meeting, 47,500 principals are in the security
> registry. Yonah talked with IBM about why secd died (around
> 43K). She got all of the new patches from IBM, and sent
> them the core dump. They decided from the core dump that
> we had run out of paging space (this is with 2 - 256Mb
> partitions which each usually look at least 75% unused --
> strange).
>
>
> Kerberos MIT meeting (Brad)
>
> Brad gave a report on the Kerberos meeting he just went to
> at MIT. The V5 servers will replace V4 with no problem, but
> migrating from V4 to V5 will likely be quite difficult. The
> new software uses GSSAPI. Microsoft was there -- they plan
> on supporting Kerberos. Their applications will be able to
> operate with the same cache.
>
> In the V5 discussion, MS was quite vocal -- their NT
> architect/ security person was there and promised K5 will
> be NT's authentication protocol. The Apple person, however,
> was not very impressive -- noncommittal at best.
>
> There was much discussion of getting an NT domain, a
> Kerberos realm, and a DCE cell to all talk with each other.
>
> Jeff Schiller talked about X.509 certificates and about
> how Kerberos provides certificates at MIT (when you do a
> Kerberos login, you get a certificate).
>
> Doug Engert was an attendee and contributor in these
> discussions.
>
> NT 5 is supposed to break the barrier of how many principals
> are in the DB -- limit will be close to a million, rather
> than the current 10K.
>
>
> Namespace issues (Yonah)
>
> Yonah sent out another message to multiple username people
> 11/6. The next message will be 12/2, and the cutoff date is
> 1/20. We are still finalizing what will happen on 1/20 (as
> well as the wording of the 12/2 message). Oren suggested on
> 1/20 that these users be given a shell that would run
> pickname. Ken pointed out some technical problems doing this
> and suggested a text shell that would send us mail.
>
>
> DFS (Tracy)
>
> Tracy is going to move the DFS server from Digital Unix
> (neruda) to AIX (melville). Since we'll likely want to
> run DFS on the u.washington.edu cell from an AIX box or
> boxes, this is a wise move.
>
>
> Lexis-Nexis (Yonah)
>
> Yonah got mail from Dave Skeen at Lexis-Nexis, where they
> are working towards a million-principal cell. Check out
> the scalability report for DCE security servers at
>
> http://www.lexis-nexis.com/distcomp/WhitePapers/dceregis.htm
>
> More info is at http://www.lexis-nexis.com/distcomp.
>
>
> Cell admin/ leave (Yonah)
>
> Yonah needs people to take over cell administration and
> other DCE work while she is on leave. After requesting
> this, some good-natured joshing ensued, but a couple of
> brave souls volunteered later to help cover some of the
> work. There are still some tasks that need to be covered,
> though.
>
>
> NLM-NII grant (Stevens)
>
> There will be an FTE security / DCE person hired soon.
> The project is cross-group -- MCIS, Health Sciences
> Libraries, and C&C are working together on this project
> and thus this person will need to divide his/ her time
> accordingly.
>
>
> Misc
>
> Jim DeRoest brought up the issues of multiple cells and
> hierarchical cells. We'll need to investigate these more
> thoroughly for possible use with the NLM-NII project,
> departmental use, and use by affiliated colleges we
> are helping serve through the libraries.
>
> Jim DeRoest has also been looking into the ldap (lightweight
> directory access protocol) server he downloaded from
> Netscape. He described ldap as a "cut down X.500." "Cut
> down" is relative -- the server is 100Mb. There's a lot of
> bashing and praising about ldap right now; Jim wanted to see
> just what it does. (We've been waiting for the code from
> IBM for some time -- the ldap Jim has, from Netscape, is
> basically Michigan's ldap.) Ldap allows you to link to a
> number of different database types and serve them over SSL.
> On the U Mich home page (not CITI, though CITI is involved),
> you can link to anything in their GDS/ CDS. Ldap is a good
> tool for getting to several different DB types.
>
>