Single Sign-on/Network Authentication Working Group

Minutes of meeting held November 8, 1994.
Send omissions/corrections in summary to the group.

ATTENDING.

	Grover McKenzie, Shumon Huque, Andrew White, Mark 
	Litwack and Jim Johnson.

MEETING SUMMARY

PAS Modifications
-------------------

Mark presented a revised proposal specifying how Network ID and 
Password management will be handled in the modified PAS system.  
The group provided feedback suggesting that: 

	*  SSN changes in PENNcard be synchronized with PAS.
	*  a username change function be added to the specifications.
	*  a PAS change log be provided that sysadmins could reference 
	to clean up local security.

Multiple usernames assigned to a person
------------------------------------------

Next, the group discussed a new issue raised by Lila Shapiro 
regarding the goal of single signon.  In practice, some people are 
intentionally assigned multiple usernames for accounting purposes.  
Resource consumption is monitored by username and can then be 
related and billed to a specific project.

The current model for enhancing PAS to unify the username space, 
assumes a single username per person.  A policy decision needs to be 
made to determine if this practice will/must continue, and thus 
become incorporated into the requirements of a PAS and ultimately 
Kerberos authentication solution.  In the mean time,  some research 
is needed to determine how the Kerberos database might deal with 
this problem.

Kerberos Installation
----------------------

Mark reported that the Kerberos installation can be completed once a 
licensing agreement is finalized with DEC.  Should be done this week.

Identify Multi-user Hosts
--------------------------
Jim is working with Todd Seelman from DCCS on the best way to 
filter data available from the Host Name Assignments Database to 
identify multi-user hosts.

Current Environment Assessment
-----------------------------------
The group reviewed the Current Environment Assessment document 
drafted by Jim.  Constructive comments were given and will be 
incorporated into the document.

ACTION ITEMS
---------------

Norm Morrision - collect and analyze username space statistics.
Mark Litwack and Alex Garthwaite - install and test Kerberos.
Jim Johnson - identify multi-user hosts in the upenn.edu domain.

NEXT MEETING
---------------
The November 22 meeting is canceled.  It was felt that the time 
would be better spent working on assigned tasks.  If compelling 
issues arise in the mean time, the meeting can be re-scheduled.

The next scheduled meeting will be December 13 from 1-3PM.
As usual, the location is the UDC conference room, 3401 Walnut - 
Suite 335b.