Single Sign-on/Network Authentication Working Group

Minutes of meeting held December 13, 1994.
Send omissions/corrections in summary to the group.

ATTENDING.

	Emily Batista, Nirmalya Das, Alex Garthwaite, Shumon Huque, 
	Andrew White, Norm Morrison, Lila Shapiro, Noam Artz, Chris
	Hiester, Mark Litwack and Jim Johnson.

MEETING SUMMARY

PAS Modifications
-------------------

Alex presented an overview of the PAS API programs he has written 
to help SYSADMINS acquire unique Network id's for new users.

The API has 9 functions: 

card		- queries whether a network id exists for a given 	
		Penncard.
id		- checks if a network id is in use.
uniqueid	- checks if a unique id is in use.
session	- used to try to reserve a network id for the duration of 
		the session.
reserve	- used to try to permanently reserve a network id.
add		- add a new network id to PAS
update	- update an existing network id in PAS.
mail		- adds e-mail address for a unique id
quit		- ends the session.

Authentication Server
-----------------------

A test version of OSF DCE authentication has been installed, and  is 
being tested as part of the DCE class taught by Chris Shull.

Mark reported that he is now looking into acquiring an 
authentication product called cyberSAFE.  This comes as a result of 
security requirements identified for the Oracle Financial applications 
by the Client/Server Security group.  This product has potential  
because it supports Kerberos V4 & v5, and the vendor is working 
directly with Oracle Corp. 

The goal is to have a Kerberos-like server up and running by mid-
summer of 95.  However, this could be accelerated to meet the 
implementation schedule of the Financial applications.

Identify Multi-user Hosts
--------------------------
Todd Seelman from DCCS has developed a query from the Host Name 
Assignments Database to identify (as best possible) multi-user hosts.  
This can be run on demand, when needed to identify candidates for 
kerberization.

ACTION ITEMS
---------------
Norm Morrision and Andrew White - collect and analyze username 
space statistics.
Mark Litwack - Acquire and test CyberSAFE Authentication 
Software/Hardware.

NEXT MEETING
---------------

The next meeting is tenatively scheduled for Tuesday, January 24, 
1-3PM, in the conference room at 3401 Walnut Street, Suite 335B.
Confirmation will be sent via e-mail.