| T.R | Title | User | Personal Name | Date | Lines |
|---|---|---|---|---|---|
| 5669.1 |  | PYRO::RON | Ron S. van Zuylen | Mon Feb 10 1997 21:51 | 14 | 
|  |     If any of the operating systems they use have 8 character username limits
    and they want to have the same username  and password *everywhere*, it's
    pretty obvious what you'll need to do.  8 character usernames whenever
    needed.  You're on the right track.
    
    If we're talking about LAN Manager connections to UNIX servers (with
    PATHWORKS V6 on Digital UNIX), you can use a Windows NT domain for
    username and password authentication instead of the standard UNIX login...
    but since we're talking Solaris and AIX, too, I don't think this is the
    case.  You're probably talking about normal command shell access, ftp,
    etc.
    
    --Ron
    
 | 
| 5669.2 | More comments ... | OTOU01::MAIN | Systems Integration-Canada,621-5078 | Tue Feb 11 1997 06:08 | 42 | 
|  |     
    The single logon is not easy to implement as most companies have
    numerous platforms that need to be compliant for it all to work.
    
    A few pointers to look into:
    
    - CA TNG apparently has single logon capability with NT and many
    UNIX platforms (not a cheap solution though). Reference:
    http://www.cai.com/press/97jan/tngtechb.htm
    
    - Entrust from NORTEL also apparently has this capability. Reference:
    http://www.entrust.com/
    
    - DCE is an industry move (being pushed by IBM right now, but has
    support on NT and many UNIX platforms), but not sure if this would
    be justified if you are not wanting to take advantage of other DCE
    components as well.
    
    - simple, but not user friendly, process is to use company badge
    numbers as username. Perhaps combined with letter at beginning to
    add additional info ie. ENG23532. This ensures uniqueness as well.
    Also gets around problem of usernames changing ie. married/divorce
    situations. Language issues are also not a problem if only numbers 
    are used ie. French, German and other European countries tend to have
    longer names with accents etc.. 
    
    Another advantage is increased security in that it is easy to guess what 
    a username is for John Smith (smith, smithj or jsmith), so 1/2 of the 
    user/password combo is already done.
    
    A hacker would then use knowledge of John Smith (perhaps by disgruntled
    ex-employee) to complete the combo.
    
    Guessing a badge number is more difficult.
    
    Some OS's have comment field which could be used to enter real 
    name etc. Bottom line though is that some users will not be happy with 
    this approach.
    
    Regards,
    
    / Kerry
 | 
| 5669.3 |  | SUFRNG::VMSNET::S_VORE | Smile - Mickey's Watching! | Tue Feb 11 1997 07:03 | 13 | 
|  |     Even if you have the same username on all the systems, syncing the
    passwords can get real difficult, especially if they're using Network
    Information Services (NIS, formerly known as YP or Yellow Pages) to
    share a username/password database between all the UNIX systems.
    
    PATHWORKS on a DIGITAL UNIX system can help some, but not in a NIS
    environment.  I'd also recommend taking a browse through the PW/OSF and
    Digital UNIX notesfiles as well as continuing this discussion here.
    
    PATHWORKS for OSF/1		ranger::pwosf
    DIGITAL UNIX		turris::digital_unix
    
    
 | 
| 5669.4 |  | ACISS2::DATZMAN | Vee Vont To Pomp You Up | Tue Feb 11 1997 08:27 | 12 | 
|  |     It's good to know of the PATHWORKS capability.  They still use a fair
    amount of PW but it may not be at V6 yet.
    
    I like the idea of account names that are resistant to changes because
    of marriage, name change, dept change, etc.  They use an existing 2
    character 3 number scheme based on their IBM TOSS mail id.  They don't
    like it and hence the desire to move away from it.  It might be
    something that they can use for the UNIX accounts until those users are
    migrated to NT.
    
    Dick
    
 |